GameStop Investigating Data Breach That Leaked Credit Card Information

Over the past couple of years, major data breaches have grown from being the exception to the norm. It seems like companies are under a constant onslaught as black hats commit even more resources to seize their lucrative customer information. Over the weekend, a new data breach has emerged from GameStop which appears to have resulted in the compromise of sensitive credit card information.

According to the report, GameStop has begun an investigation into a possible breach of their online storefront website. The company was notified after a third-party found credit cards used on GameStop.com for sale online. Other firms in the financial industry also noticed that there was credit card fraud with GameStop being the common denominator. The information taken reported includes customer card number, expiration date, name, address and card verification value (CVV2). The breaches reportedly took place in September of 2016 and in February 2017.

The loss of CVV2 is a major blow as it is used to verify a credit card for online sales. Merchants are not supposed to store the CVV2 value as part of the transaction due to security concerns. However, it is possible for an intruder to hijack the website servers to capture the CVV2 code after the customer has entered it and before it is encrypted for transport to the processor. So far GameStop has brought in a security firm to help investigate the issue.