This Week in Breach: Topps Sports Cards

March 11th, 2019 by admin

Yellow Rotary Phone on Table Next to Teal Blue Sofa

Attention, sports fans.  If you used your credit card to buy anything from the Topps website over the past few months, your credit card information may have been compromised.  

Recently, the company sent out a notice to potentially impacted customers who made a purchase between November 19, 2018 and January 9, 2019. During this time, hackers gained access to personal information like names, credit and debit card numbers, expiration dates and security codes.  Plus, mailing addresses, phone numbers and email addresses were also at risk. If you used PayPal, you're good.  

As soon as they became aware of this major breach, Topps had an outside company do a security audit of their site which lead to them removing malicious code.  Plus, they upgraded their site and its security.  

Exploit: Form-jacking attack
Topps: Sports trading card and collectible company

Risk to Small Business: 1.666 = Severe: After initially discovering unauthorized access in December and investigating, the company confirmed that customers who had placed orders from November through January may have been compromised. Payment card details including credit/debit card numbers, card expiration dates, and security codes were breached. This is the second breach suffered by the company in recent years, which may compound customer churn and security costs.

Individual Risk: 2.428 = Severe: Personal information such as customer names, mailing addresses, telephone numbers, and email addresses were also exposed during the attack. Users are being asked to review their payment card statements and stay alert for possible identity theft.

How it Could Affect Your Business: Form-jacking attacks are being deployed by hackers at an unprecedented rate, with a targeted focus towards online retailers. Once customer data is skimmed from an e-commerce site using malicious code, it can be sold on the Dark Web for profit or used to carry out various forms of cyber fraud. Even worse, such attacks can go unnoticed for long periods of time, causing more damage to both companies and their customers.

Contrast Communications to the Rescue:  We can find out how payment data is being used on the Dark Web, even in the case of a malware attack. 

Posted in: Uncategorized, This Week in Breach