Privacy Ninja

Online Gun Shops in the US Hacked to Steal Credit Cards

Online Gun Shops in the US Hacked to Steal Credit Cards

Two two American gun shops,  Rainier Arms and Numrich Gun Parts, that operate e-commerce sites have disclosed data breaches resulting from card skimmer infections on their sites.

Credit card skimmers are malicious JavaScript code either embedded on the sites or fetched from a remote resource by a seemingly innocuous element, such as a favicon. Their purpose is to steal payment information entered on order checkout pages.

The operators of these skimmers can steal credit card numbers, expiration dates, CVV codes, customer names, phone numbers, and addresses, which is all they need to perform unauthorized online purchases.

Also Read: The PDPA Data Breach August 2020: A Recap of 8 Alarming Cases

Rainier Arms breach

Ranier Arms, who operates on, says they began receiving reports of unauthorized payment card activity of cards of its customers as early as December 2021. 

After conducting an investigation, the company located the malicious card-stealing code on its site on April 21, 2022, and determined that it was actively harvesting payment details between June 1, 2021, and January 19, 2022.

Customers who made online purchases between those dates should consider their credit card details compromised and request a card replacement from your bank.

Rainier Arms sent 46,319 notices to impacted customers, a copy of which can be found on the online portal of Montana’s Attorney General.

Numrich breach

Numrich Gun Parts Corporation, whose website is, suffered a similar breach on its website, which it discovered on March 28, 2022.

The subsequent investigation showed that payment information entered on the site between January 23, 2022, and April 5, 2022, was stolen by an unknown actor.

According to a notice shared with the Office of the Maine Attorney General, the number of affected customers is 45,169, all of whom will receive a data breach notice in the following days.

Also Read: How long do employers keep employee records after termination?

Impact of exposure

Having your credit or debit card details stolen is a direct threat to your financial integrity as threat actors are enabled to perform unauthorized purchases with your balance, but in this case, that’s not the whole story.

Gun ownership is a sensitive topic in itself, so identifying large firearms purchases could put customers in the crosshairs of criminals who are on the lookout for valuable stashes.

Especially in the case of Rainier Arms, which sells high-end tactical rifles, the scenario can become even more tempting for criminals.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us