Magecart group targeted Claire s after it shuttered its retail locations due to coronavirus. Magecart is an umbrella term encompassing several different threat groups who typically use the same modus operandi. Code was added to the online check-out pages for the stores, and linked to the Submit button that shoppers use to submit their payment information. The malware was injected into the Claire’s official eCommerce website (and that of its sister store, Icing), starting in late April.
Source: https://threatpost.com/claires-customers-magecart-payment-card-skimmer/156552/