The sports trading card and collectible company Topps has suffered a Formjacking attack, resulting in the exposure of payment card details of its customers. The company believes that the personal data of some customers may have been compromised in the attack.
What's the matter - According to the data breach notification, the company learned about the attack on December 26, 2018, and immediately started an investigation. On January 10, 2019, it was confirmed that there was unauthorized access to the website Topps.com. This may have resulted in the compromise of payment card and other details of customers who placed orders through the website between November 19, 2018, and January 9, 2019.
What information was involved - The information compromised in the attack includes customers’ names, mailing addresses, telephone numbers, email addresses. The payment card details breached in the incident include credit/debit card number, card expiration date, and security code.
“Based on our investigation, we have no reason to believe that information for customers who completed a purchase through PayPal was affected,” reads the data breach notification.
What measures were taken - Upon discovery, the company was quick at taking action to contain the issue. It hired an external security firm to examine its network. In addition, it also implemented measures to enhance the security of its systems and website. It has also notified the affected users about the breach.
The company has urged its customers to review their payment card statements for any unauthorized activity. This will help them to stay safe from identity theft.