The multibillion-dollar video game retailer GameStop.com is investigating a possible hack of credit card data. The data was then up for sale on a black market website.
“GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website,” the company said in a statement to CyberScoop. “That day a leading security firm was engaged to investigate these claims. GameStop has and will continue to work non-stop to address this report and take appropriate measures to eradicate any issue that may be identified.”
Citing multiple anonymous sources in the financial industry, journalist Brian Krebs reported that the breach likely spanned five months from the middle of September 2016 to the first week of February 2017. The data being sold includes customer card number, expiration date, name, address and card verification value.
GameStop did not respond to questions about the time frame of either the possible breach or the ongoing investigation.
The company’s stock is down slightly since Krebs broke the news this morning, but it’s been rough going for GameStop’s stock all year.
“We regret any concern this situation may cause for our customers,” a company spokesperson said. “GameStop would like to remind its customers that it is always advisable to monitor payment card account statements for unauthorized charges. If you identify such a charge, report it immediately to the bank that issued the card because payment card network rules generally state that cardholders are not responsible for unauthorized charges that are timely reported.”