The global video game retailer GameStop is currently investigating reports that its website was breached.
Hackers may have stolen sensitive customer data — including credit card numbers, expiration dates, names, addresses, and card verification values (CVV2) — from GameStop.com online shoppers, according to security news source KrebsOnSecurity.
If confirmed, the implications of this reported data breach could be severe. Although online merchants are not supposed to store customers’ CVV2 codes (the 3-digit security code found on the backs of credit cards), hackers can install malicious software on a company’s website, says KrebsOnSecurity. This allows cyber thieves to copy and record this crucial piece of financial information.
Financial Industry Sources: GameStop Was Likely Compromised
Sources within the financial industry tipped off KrebsOnSecurity about the potential breach. These sources cite alerts from a credit card processor that suggest that the website was likely compromised by hackers between Sept. 2016 and the beginning of Feb. 2017.
“We regret any concern this situation may cause for our customers,” GameStop announced in a press statement. “GameStop would like to remind its customers that it is always advisable to monitor payment card account statements for unauthorized charges.”
Gamestop.com Not the Only Retailer Website Dealing with Possible Breach
The news of the potential GameStop website breach arrives just weeks after Saks Fifth Avenue first revealed its own data breach.
The luxury retailer reportedly exposed the personal information of tens of thousands of online customers back in March via unencrypted, publicly accessible pages on the Saks Fifth Avenue website. This data included customers’ emails, phone numbers, IP addresses, and identification codes for products the customers expressed interest in purchasing.
Data breaches have become alarmingly prevalent over the past few years. As a result, affected customers have filed lawsuits demanding accountability and increased protection of their information.
Yahoo Data Breach: The Biggest Class Action in History
The infamous Yahoo data breach, which allegedly compromised the sensitive data of up to a billion people globally, sparked the largest class action lawsuit in history.
The tech giant failed to inform the public about the data breaches — which started as early as 2014 — until Sept. 2016, despite multiple state laws which require companies to contact victims of data breaches within 30 days of becoming aware of them.
This landmark class action against Yahoo, led by Morgan & Morgan Complex Litigation Group attorney John A. Yachunis, seeks hundreds of millions of dollars in damages, as well as greater cybersecurity measures.
GameStop Online Shoppers Are at Risk
If the reported GameStop data breach is confirmed, online shoppers between late 2016 and early 2017 could be at risk. Shoppers are advised to monitor their credit card statements for any fraudulent or suspicious chargers.
If you were notified of a data breach after shopping online at gamestop.com, our attorneys want to hear from you. You may be entitled to compensation for the exposure of your sensitive credit card data and more. ∂s