GameStop Confirms Credit Card Breach
Gamestop has confirmed that anyone who made a purchase on its website may have had their payment card details stolen.
The video game retailer sent a letter to several shoppers, including the editor of Kotaku, that stated that cybercriminals may have obtained the names, addresses and payment card information of anyone who “placed or attempted to place orders on our website from August 10, 2016 to February 9, 2017.”
Not only was the data stolen, the Texas-based company told KrebsonSecurity the information may already be for sale on the dark web. A company spokesman said, “GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website.”
Some sources are also reporting that the three-digit CVV2 code has also been compromised. Krebs wrote that online merchants are not supposed to store this code, but hackers can steal it by placing malicious software on a company’s website so they can copy the data and record it before it is encrypted and transmitted.
The company says a “leading security firm” has been hired to investigate the breach, but they are asking customers to closely monitor their credit card and bank statements to identify any fraudulent activity. If a fraudulent charge is found, GameStop urges customers to “report it immediately to the bank that issued the card because payment card network rules generally state that cardholders are not responsible for unauthorized charges that are timely reported.”
This breach could not come at a worse time for the company. Their stock prices have dropped 25% in the past year, and they have announced plans to close 150 stores due to decreased sales.
The company has not reported how many customers could have been affected by this breach.