GameStop Currently Investigating Possible Data Breach

Data Breach
GameStop Storefront image

Attribution: Mike Mozart

GameStop is the most recent potential victim of cyber data breach, and the company recently hired a leading security firm to conduct an investigation into allegations that the company’s website was hacked and that customer data and credit card information was stolen. According to reports, a third party found data available for sale on a black market website, which was believed to have been illegally obtained from Gamestop.com through hacking activity.

The popular video game store chain has thousands of retail stores nationwide, but also operates a successful online store. It is believed that Gamestop.com was hacked and that the data was stolen through the use of malware that garnered access to the company’s servers, but this is yet to be confirmed. The alleged GameStop data breach is thought to have occurred between September 2016 and early February 2017. The potential data that was stolen includes customers names, addresses, and credit card data, including credit card numbers, expiration dates, and card verification values (CVV2 codes, i.e., the three, or sometimes four, digit security code that is usually located on the back of a credit card).

CVV2 Codes are Not Supposed to be Stored by Online Retailers

An interesting likely clue concerning this data breach is that it is suspected that CVV2 credit card codes are believed to be stolen. CVV2 codes are not supposed to be stored by online retailers in accordance with the Payment Card Industry Data Security Standard (PCI DSS), which suggests that the hackers intercepted these codes, rather than plundered them from a GameStop server. PCI DSS only allow merchants to store account numbers, card holder name data, expiration date data, and service code information for the card. Merchants cannot store CVV2 codes, PIN data for the credit card or magnetic strip information.

At this time it is believed that the hackers may have used some sort of malware to capture the CVV2 credit card codes as the customer entered it into the website to pay for merchandise online. CVV2 codes are highly valuable credit card data.

GameStop has confirmed that a data breach may have occurred and has promised to immediately get to the bottom of the alleged data breach and is asking anyone who may have made an online purchase through their website to take precautions. Specifically, GameStop online customers should check their credit card statements for fraudulent activities.

Breach Notification Laws

Security breaches similar to the GameStop data breach happen to all kinds of businesses. Any business could become a victim of hacking, so it is important for companies to implement measures and policies designed to reduce that risk. In the event that your business is subject to a data breach, experienced data breach lawyers can ensure compliance with applicable breach notification requirements. 

 

Extra, Extra!
Recent Posts

Trademarks: What is the Difference Between the Circle R and TM Symbols?

Trademarks: What is the Difference Between the Circle R and TM Symbols?

Trademark

The Circle R and the TM symbols both relate to trademarks and both can be physically placed on products, packaging, advertising materials, websites, etc. The Circle R symbol is an “R” enclosed in a circle (®). While both are trademark-related symbols, there are different eligibility requirements for use, meanings, and implications. Here is a quick […]

Read more about Trademarks: What is the Difference Between the Circle R and TM Symbols?

Is Your E-Commerce Advertising in Compliance With Existing Laws?

Is Your E-Commerce Advertising in Compliance With Existing Laws?

Internet Law

E-commerce businesses must comply with federal and State-level advertising laws and regulations. This is true of any business. But e-commerce businesses face special challenges because there is a whole array of potential methods of innocently, accidentally, or intentionally violating advertising laws. These include the potential to engage in false and deceptive advertising practices, such as […]

Read more about Is Your E-Commerce Advertising in Compliance With Existing Laws?

Put Revision Legal on your side