GameStop, the video game retailer, is looking into reports that hackers may have stolen credit card information and customer data from its gamestop.com website.
According to a report on KrebsOnSecurity, GameStop said: “GameStop recently received notification from a third party that it believed payment card data from cards used on the gamestop.com website was being offered for sale on a website. That day a leading security firm was engaged to investigate these claims. GameStop has and will continue to work non-stop to address this report and take appropriate measures to eradicate any issue that may be identified,” the company’s statement continued.
Two sources in the financial industry told KrebsOnSecurity they were told from a credit card processor that gamestop.com was likely compromised by intruders between mid-September 2016 and the first week of February 2017. The data is thought to include credit card numbers, expiration dates, names, addresses and card verification values. While merchants online aren’t allowed to store the card verification value, hackers are able to steal them via malicious software on the website.
GameStop would not say when the potential breach happened or the type of data that may have been impacted. “We regret any concern this situation may cause for our customers,” GameStop said in its statement. “GameStop would like to remind its customers that it is always advisable to monitor payment card account statements for unauthorized charges. If you identify such a charge, report it immediately to the bank that issued the card, because payment card network rules generally state that cardholders are not responsible for unauthorized charges that are timely reported.”
The potential hack comes at a bad time for GameStop. The retailer performed poorly during the holiday selling season, and things haven’t gotten much better as it reels from a lack of demand and a changing way consumers purchase their video games, with digital downloads growing in popularity.