GameStop Investigating Major Credit Card Breach Of Online Customer Data


New and used games retailer GameStop has found itself in a bit of a rough patch these days. The company recently reported less-than-stellar fourth quarter results and is planning to close at least 150 brick-and-mortar locations, and perhaps as many as 225. That is on top of the store locations it closed just a few years ago. While it deals with ways to increase revenue and profits, it now finds itself investigating a potential security breach that may have compromised credit card and customer data.

Security hound KrebsOnSecurity heard from two unnamed sources in the financial industry that they received alerts from a credit card processor indicating that GameStop was likely hacked sometime between mid-September 2016 and the first week of February 2017. GameStop did not deny that its systems might have been breached, telling the security blog that it has hired a professional security firm to look into the matter.

"GameStop recently received notification from a third party that it believed payment card data from cards used on the website was being offered for sale on a website,” a company spokesman said. "That day a leading security firm was engaged to investigate these claims. Gamestop has and will continue to work non-stop to address this report and take appropriate measures to eradicate any issue that may be identified."

Credit Card

It is believed that hackers were able to obtain credit card numbers, expiration dates, names, addresses, and card verification values (CVV2 codes), which are those three-digit (usually) numbers found on the back of credit cards.

The hackers responsible may have used special software (malware) to record and transmit CVV2 codes before they get encrypted. Otherwise, it would be difficult to obtain that data, as web retailers are now allowed to store CVV2 codes.

"We regret any concern this situation may cause for our customers," GameStop said in a statement. "GameStop would like to remind its customers that it is always advisable to monitor payment card account statements for unauthorized charges. If you identify such a charge, report it immediately to the bank that issued the card because payment card network rules generally state that cardholders are not responsible for unauthorized charges that are timely reported."

Meanwhile, GameStop has to figure out its own financial situation. Global sales at GameStop declined 13.6 percent to $3.05 billion in the fourth quarter for its fiscal year ended January 28, 2017. The company said its results were "significantly impacted by weak sales of certain AAA titles," along with competitors running "aggressive console promotions" on Thanksgiving and Black Friday. That caused a 29.1 percent decline in new hardware sales and 19.3 percent drop in software sales.

Top Image Credit: Flickr (Daniel Oines)
Thumbnail Image Source: Flickr (Mike Mozart)