GameStop Notifying Customers Nine Months After Breach
Posted by: Timothy Weaver on 06/09/2017 03:41 PM
[
Comments
]
After a delay of nine months, GameStop customers are finally getting notification that their personal and financial information may have been compromised in a breach.
The notification letters are informing customers that an unknown number of customers may have had their information that includes card numbers, expiration dates, names, addresses and the three-digit card verification values (CVV2) exposed in the breach.
The company announced that the breach occurred between Aug. 10, 2016 thru Feb. 9, 2017.
Ryan Duff, a former cyber operations tactician at U.S. Cyber Command and a GameStop customer said: “I’m pretty upset at GameStop. I should have been notified when they knew about it in April.”
Duff stated that, according to his bank, the card he used on GameStop in November has been compromised.
Laws in many states mandate that victims be notified “as soon as practicable and without unreasonable delay”. Companies could face fines for delaying the notifications.
GameStop chief executive officer J. Paul Raines wrote: “After receiving a report that data from payment card used on www.GameStop.com may have been obtained by unauthorized individuals, we immediately began an investigation and hired a leading cybersecurity firm to assist us.”
“GameStop identified and addressed a potential security incident that was related to transactions made on GameStop’s website during a specific period of time,” the company said in a statement. “GameStop mailed notification letters to customers who made purchases during that time frame advising them of the incident and providing information on steps they can take.”
Source: Threat Post
The notification letters are informing customers that an unknown number of customers may have had their information that includes card numbers, expiration dates, names, addresses and the three-digit card verification values (CVV2) exposed in the breach.The company announced that the breach occurred between Aug. 10, 2016 thru Feb. 9, 2017.
Ryan Duff, a former cyber operations tactician at U.S. Cyber Command and a GameStop customer said: “I’m pretty upset at GameStop. I should have been notified when they knew about it in April.”
Duff stated that, according to his bank, the card he used on GameStop in November has been compromised.
Laws in many states mandate that victims be notified “as soon as practicable and without unreasonable delay”. Companies could face fines for delaying the notifications.
GameStop chief executive officer J. Paul Raines wrote: “After receiving a report that data from payment card used on www.GameStop.com may have been obtained by unauthorized individuals, we immediately began an investigation and hired a leading cybersecurity firm to assist us.”
“GameStop identified and addressed a potential security incident that was related to transactions made on GameStop’s website during a specific period of time,” the company said in a statement. “GameStop mailed notification letters to customers who made purchases during that time frame advising them of the incident and providing information on steps they can take.”
Source: Threat Post
Comments
