Nippon Ichi Software announced news that its American division, NIS America, was the victim of a major data breach that exposed the personal and financial data of online customers.
According to the International Business Times, the Japanese gaming developer has offered those affected by the breach special codes for a $5 discount on their next purchase.
The company revealed the breach in an email sent out to affected customers last week, saying the hack took place sometime between Jan. 23, 2018, and Feb. 26, 2018. While the hackers were able to access customers’ payment card details and address information for orders paid for with a credit card, customers who placed orders using PayPal were not affected.
“On the morning of Feb. 26, we became aware of a malicious process that had attached itself to our checkout page,” NIS America said in the email. “This process was being used as far back as Jan. 23, 2018, to skim personal information provided by our customers during checkout after they placed an order at our store. Afterward, the malicious process would return the customer to the NIS America store page to complete their transaction.”
The company explained that it doesn’t store payment information for its customers, but did encourage everyone to change their passwords, as well as monitor their bank or credit card statements for any suspicious activity.
“User accounts are used primarily to track past orders and gain reward points. Data for past orders is stored securely and will only show the last four digits of a credit card and will not show the CVV security code or expiration date,” the company stated.
While NIS America didn’t reveal how many customers were affected by the breach, it did its best to alleviate any concerns for future breaches. The company reiterated that once the hack was discovered, its store pages were immediately taken offline and scanned to determine “the exact point of entry as well as [to] determine when this change occurred on our online stores.”
“We have taken steps to solve the issue that resulted in this breach, along with several other steps to improve our site’s security,” the company said. “At this time, we can say that we have identified the issue, removed it from our website and taken steps to prevent this issue from recurring, as well as added new security to our online stores.”