Hackers infiltrated Top 40 distributor DiscountMugs.com’s (asi/181120) website with malicious code in a cyberattack aimed at siphoning off customers’ credit cards and other personal information, according to a notice the company issued to alert potentially affected customers.

The data breach lasted from August 5, 2018 through November 16, 2018. When DiscountMugs.com discovered the code, it removed it. “We immediately removed the unauthorized code and reported the matter to law enforcement and to the payment card companies,” CEO Sai Koppaka said.

While the company didn’t say how many clients were affected, TechCrunch reported it could number in the thousands, given the amount of transactions that occurred on the website during the months-long breach. In terms of web traffic, DiscountMugs.com ranks in the top 9,000 sites in the United States, with thousands of visitors daily, Alexa data shows.

According to DiscountMugs.com, hackers injected the information-skimming code into the shopping cart page of the company’s website. The code was designed to capture personal information customers input into the page, including name, address, phone number, email address, credit or debit card number, card expiration date, and card security code. DiscountMugs.com does not require PINs when clients use debit cards to pay, so those were not subject to being stolen, the company said.

Koppaka emphasized that DiscountMugs.com acted swiftly to quash the attack once it was discovered. “As soon as we learned of this situation, we immediately launched an investigation and retained a leading computer security firm,” Koppaka said. In a statement to Counselor, he added: “We have and will continue to take steps to improve our security posture based on the findings of the investigation. We have also notified the individuals who were potentially impacted by this issue and are providing identity theft protection to them at no charge.”

With reported 2017 North American promotional products revenue of $210 million, DiscountMugs.com ranks 8th on Counselor’s latest list of the largest distributors in the promo industry.

Unfortunately, DiscountMugs.com is far from the only firm to be victimized by the “Magecart” group of hackers, TechCrunch reported. In recent years, the criminals have reportedly targeted thousands of websites, stealing credit card information from customers and clandestinely shipping the data back to the hackers’ servers. British Airways and Ticketmaster are among the other victims.

Meanwhile, last spring, promotional products firms suffered an onslaught of malware attacks. The menacing viruses targeted both suppliers and distributors in the $23.6 billion industry, attacking companies big and small, including firms on Counselor’s Top 40 lists. The attacks occurred amid warnings from government cyber security officials in the U.S. and U.K. that Russia-backed hackers had their sights set on western businesses and individuals, though whether or not the Kremlin was behind the malware offensive on promo firms is unknown.

This article from Counselor has expert tips on how to improve cyber security. Separately, another piece also has helpful strategies and in-depth information about the attacks.