The Green Bay Packers, an American football franchise, has issued an advisory warning fans that a threat actor hacked its official online retail store.
The advisory stated that the attacker had implanted a card skimmer script, which allowed the attacker to harvest customers' personal and financial information.
After identifying the issue in October last year, the NFL franchise insisted that it immediately disabled all checkout and payment capabilities. According to one of its representatives, the franchise tracked down the compromise after receiving reports about malicious code the cybercriminals had installed on its website.
The NFL franchise also reportedly engaged a third-party security provider to help assess the incident's impact and determine whether any consumer information was affected.
The hack on the Green Bay Packers online store could reportedly harvest information.
According to investigations, the malicious code planted on the Green Bay Packers online store could capture personal and payment information between late September and early October last year.
However, the Packers claim the attacker could not collect information from payments made with a gift card, Pro Shop website account, or Amazon Pay. Separately, the researchers who alerted the NFL franchise about the breach discovered that the skimming attack employed a JSONP callback and YouTube's oEmbed functionality to bypass the site's Content Security Policy (CSP).
The information allegedly affected includes data entered on the Pro Shop website during purchase, such as names, billing addresses, shipping addresses, email addresses, and credit card types, numbers, expiration dates, and verification numbers.
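For site owners, the CSP point above can be checked mechanically: a host allowlist in `script-src` trusts every script-returning endpoint on each listed host. The following audit is an added example, not code from the advisory, the researchers, or the Pro Shop site; the watchlist is constructed for illustration, with `www.youtube.com` included only because the report names YouTube's oEmbed, and `jsonp.example.test` a placeholder.

```javascript
// Added example: audit a CSP header for script sources that cover hosts on a
// watchlist of domains able to return caller-shaped JavaScript (JSONP-style).
// ASSUMPTION: the watchlist is constructed for illustration; maintain your own.
const WATCHLIST = ["www.youtube.com", "jsonp.example.test"];

// Parse a CSP header value into { directive: [source, ...] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (key && !(key in policy)) policy[key] = sources;
  }
  return policy;
}

// Reduce a host-source such as https://*.example.com:443/js/ to "*.example.com".
function hostOf(source) {
  const noScheme = source.replace(/^[a-z][a-z0-9+.-]*:\/\//i, "");
  return noScheme.split("/")[0].split(":")[0].toLowerCase();
}

// True when a CSP host pattern ("*", "*.domain" or exact) covers the host.
function covers(pattern, host) {
  if (pattern === "*") return true;
  if (pattern.startsWith("*.")) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

function auditScriptSources(header) {
  const policy = parseCsp(header);
  const sources = policy["script-src"] || policy["default-src"];
  if (!sources) return { restricted: false, findings: ["no script-src or default-src"] };
  const lower = sources.map((s) => s.toLowerCase());
  // With 'strict-dynamic', CSP3 browsers ignore host and scheme allowlists.
  if (lower.includes("'strict-dynamic'")) return { restricted: true, findings: [] };
  const findings = [];
  for (const src of lower) {
    if (src.startsWith("'")) continue; // keywords, nonces and hashes
    if (/^[a-z][a-z0-9+.-]*:$/.test(src)) {
      findings.push(`${src} allows every host on that scheme`);
      continue;
    }
    for (const host of WATCHLIST) {
      if (covers(hostOf(src), host)) findings.push(`${src} covers ${host}`);
    }
  }
  return { restricted: true, findings };
}
```

Any finding is a prompt to replace the host allowlist with nonce- or hash-based `script-src` on checkout pages.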
The Packers have yet to disclose the number of customers affected by this data breach or how the threat actor acquired initial access to their Pro Shop website.
Furthermore, the NFL franchise now offers three years of credit monitoring and identity theft protection to anyone affected by the incident. Those affected should check their account statements for fraudulent activity.
Those who suspect identity theft or fraudulent activities on their accounts should immediately notify their banks and the appropriate authorities to avoid further compromise.