Your credit card information seems to be at risk of being stolen no matter where you shop nowadays. Cybercriminals are constantly poking holes at payment systems and are getting more and more brazen in the ways they try and pilfer your money. In the last year alone, we’ve seen major data breaches at retailers, hotels and even hospitals.
An ongoing investigation on a recent attack on a major retailer proves yet another thing about data breaches: It could take months before evidence of credit card theft surfaces.
Security website Krebs on Security revealed on Friday video game retailer GameStop is investigating reports a security breach may have allowed thieves to steal customer data and credit card information from its online store.
“GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website,” a GameStop spokesman wrote in response to the initial report.
Krebs on Security notified the retailer of the possible breach after two sources tipped the security website that they received alerts from a credit card processor.
“That day, a leading security firm was engaged to investigate these claims. GameStop has and will continue to work nonstop to address this report and take appropriate measures to eradicate any issue that may be identified,” the company spokesman continued.
So far, the reports state that the intrusion only affects online shoppers at GameStop.com from mid-September 2016 to the first week of February 2017. Thankfully, reports indicate the breach does not affect the company’s more than 7,000 brick-and-mortar stores.
The compromised data may include customer credit card numbers, expiration dates, names, addresses and the three-digit security codes on the back of the credit cards.
According to Krebs on Security, online stores are not supposed to store CVV2 codes, but if malware infects a company’s e-commerce site, hackers can steal the codes before they’re encrypted.
GameStop still hasn’t confirmed the timeframe of the hacks nor the number of customers and type of data affected, but they’re advising its customers to take proactive measures.
“We regret any concern this situation may cause for our customers,” Game Stop said in its statement. “GameStop would like to remind its customers that it is always advisable to monitor payment card account statements for unauthorized charges. If you identify such a charge, report it immediately to the bank that issued the card, because payment card network rules generally state that cardholders are not responsible for unauthorized charges that are timely reported.”
Steps to protect yourself
If you’ve shopped on GameStop.com during these past few months, here are additional measures you should take:
- Keep an eye on your bank accounts — You should be frequently checking your bank statements, looking for suspicious activity. If you see anything that seems strange, report it immediately. This is especially true when there are reports of credit and debit card fraud.
- Change your password — Whenever you hear news of a data breach, it’s a good idea to change your account passwords. Read this article to help you create hack-proof passwords.
- Beware of phishing scams — Scammers will try and piggyback on highly reported cybercrimes. They’ll create phishing emails, pretending to be the affected company, hoping to get victims to click malicious links that could lead to more problems. Take our phishing IQ test to see if you can spot a fake email.
- Manage passwords — Many people use the same username and password on multiple sites. This is a terrible practice and you should never do it. If you’re using the same credentials on multiple sites, change them to make them unique. If you have too many accounts to remember, you could always use a password manager.
- Have strong security software — Protecting your gadgets with strong security software is important. It’s the best defense against digital threats.