American retailer, GameStop, is investigating in a potential security breach which might involve customer personal data, which includes credit card details. The possible breach was confirmed to Brian Krebs, a computer security journalist. The breach allegedly took place between September 2016 and February 2017. GameStop confirmed to Krebs on Security that “GameStop recently received notification from a third-party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website”. The company also included that since “that day, a leading security firm was engaged to investigate these claims. GameStop has and will continue to work non-stop to address this report and take appropriate measures to eradicate any issue that may be identified.”
Since GameStop is not allowed to store CVV codes in its database, this code can be obtained by placing malicious software on the e-commerce website so that the data is copied and recorded by the intruders before it is encrypted and transmitted to be processed. In the year 2016, the american retailer generated a whopping $8.6 billion in revenue through its website and its 7000 retail stores through the United States, Canada, Australia, New Zealand and Europe.
Its is advisable for people who might have used their credit cards on GameStop in that time frame to take a close look on their transactions to prevent unauthorised activity.
“We regret any concern this situation may cause for our customers. GameStop would like to remind its customers that it is always advisable to monitor payment card account statements for unauthorized charges. If you identify such a charge, report it immediately to the bank that issued the card because payment card network rules generally state that cardholders are not responsible for unauthorized charges that are timely reported.” – GameStop.com
Via: | Engadget |
Source: | Krebs On Security |
Image Credits: | Business Insider |