ZAGG Discloses Data Breach Affecting People Nationwide

Published
January 13, 2025
Updated
January 13, 2025
ZAGG Discloses Data Breach Affecting People Nationwide
ZAGG
Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info

Affected by the

ZAGG

data breach?

Join the Lawsuit

It's free to join. 

Banner advertisement for ExpressVPN to take control of your online security

Claim Depot may receieve a commission from links on this page

On November 8, 2024, ZAGG Inc, a leading consumer electronics company, discovered a data breach that compromised sensitive customer information. The breach occurred due to a malicious attack on a third-party application called "FreshClick," which was integrated into ZAGG's e-commerce platform, BigCommerce.

According to the investigation, an unknown actor injected malicious code into the FreshClick app, enabling the theft of payment card data entered by customers during the checkout process on ZAGG.com. The malicious activity occurred between October 26, 2024, and November 7, 2024.

The breach exposed the following types of consumer information:

  • Names
  • Addresses
  • Payment card data, including credit and debit card numbers

The breach has been reported to multiple state attorney general offices. For example, the Maine Attorney General's office disclosed that six residents of Maine were affected. Similarly, the Massachusetts Attorney General's office reported that 37 residents of Massachusetts were impacted. The Vermont Attorney General's office also received a disclosure about the breach.

While the total number of affected individuals across the United States has not been reported, it is clear that the breach has had a significant impact on customers who made purchases on ZAGG's website during the specified timeframe.

ZAGG's response

ZAGG Inc took immediate action upon learning of the breach. The company worked with its e-commerce platform provider, BigCommerce, to secure the ZAGG.com website and launched an investigation to determine the scope of the incident.

Federal law enforcement agencies were notified, and ZAGG has been cooperating with regulatory authorities to address the breach.

To help affected customers, ZAGG is offering complimentary access to Experian IdentityWorks for a specified period. This service includes credit monitoring, identity restoration support, and up to $1 million in identity theft insurance. Additionally, the company has implemented enhanced security measures to prevent similar incidents in the future.

Steps for affected individuals

If you believe you may have been affected by this data breach, it is important to take the following steps to protect your personal information and financial accounts:

  1. Monitor your financial accounts. Regularly review your bank and credit card statements for unauthorized transactions. Report any suspicious activity to your financial institution immediately.
  2. Obtain your free credit report. Visit AnnualCreditReport.com to request a free copy of your credit report from each of the three major credit reporting bureaus (Equifax, Experian, and TransUnion).
  3. Place a fraud alert or credit freeze. Consider placing a fraud alert or credit freeze on your credit file to prevent unauthorized access. Contact the credit bureaus directly to initiate these measures.
  4. Enroll in credit monitoring services. Take advantage of the complimentary Experian IdentityWorks membership offered by ZAGG. Follow the instructions in the notice to consumers to enroll before the deadline.
  5. Remain vigilant. Be cautious of phishing emails or phone calls that attempt to exploit the breach. Avoid sharing sensitive information unless you can verify the legitimacy of the request.

For additional guidance, you can contact the Federal Trade Commission at IdentityTheft.gov or your state's attorney general office.

Protect Your Data

A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.

This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image