BreachExchange mailing list archives
Topps Security Breach May Have Exposed Customer Information
From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 4 Mar 2019 08:08:52 -0600
https://www.sportscollectorsdaily.com/topps-website-security-breach-may-have-exposed-customer-information/ Topps has announced a security breach that may have impacted customers who used the company’s website from November 19-January 9, 2019. Topps filed a data brief notification late last week. They’re telling customers they became aware of possible unauthorized access on December 26 and launched an investigation with help from an external security firm. On January 10, they confirmed hackers may have had access to or acquired payment card and other information from customers who placed orders on Topps.com during that 51-day period. It’s believed those who paid with Paypal were not affected by the breach. “While we cannot confirm whether your personal information was accessed or acquired, the investigation confirmed that this was possible during the relevant time period,” Topps stated in its notification. “ It is possible that this incident compromised names, mailing addresses, telephone numbers, e-mail addresses, and payment information (including credit/ debit number, card expiration date, and security code) for customers who completed a purchase through the Topps website between November 19, 2018 and January 9, 2019.” According to BleepingComputer.com, a malicious script known as a MageCart attack was inserted into the company’s website using Javascript. That script would then capture payment information, sending it to a remote site where it could be collected by the attackers. Topps is telling customers to review card statements to look for any suspicious or unauthorized activity. They’re also suggesting customers who made a purchase using a payment card to contact credit reporting agencies to place a fraud alert on their credit files. Topps was hit with a similar attack in late 2016. Topps says it has been working with a security firm “to implement measures to strengthen the security of our systems and help prevent a similar incident from happening again.” They say they have “upgraded the Topps.com website platform.” _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Topps Security Breach May Have Exposed Customer Information Destry Winant (Mar 04)