[BreachExchange] Topps Tells Customers of Online Security Breach

Audrey McNeil audrey at riskbasedsecurity.com
Fri Dec 30 13:52:00 EST 2016


http://www.sportscollectorsdaily.com/topps-tells-customers-online-
security-breach/

Hackers gained access to Topps’ website during the summer and early fall,
possibly compromising customer information.

On Wednesday, the company sent out an email to those who may have been
affected by the security breach (see below).  Topps stated it became aware
on October 12 of thus year that “one or more intruders gained unauthorized
access to its website.”

Customer names, addresses, email addresses, phone numbers, credit or debit
card numbers, card expiration dates and verification numbers may have been
stolen as buyers placed orders for merchandise on the site as early as July
30.  Customers who used PayPal are not believed to have been affected by
the breach.

After learning of the situation, Topps says it worked with an online
security company, its web developer and hosting company to address the
issues.

While the majority of collectors who entered their information may not be
impacted, some say their credit card numbers have been used to make
fraudulent purchases after they had ordered cards through the Topps NOW
platform. After reporting those phony charges, the credit card companies
deactivated the credit cards and issued new ones.

Online security breaches aren’t new, with even retail giants impacted over
the last several years as hacking attempts become more commonplace and
sophisticated.  As other companies have done, Topps is offering a year’s
worth of identity theft protection to those who may have been impacted by
the breach.  They also encouraged customers to watch their credit card
statements for any fraudulent charges.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161230/5e0ad7c4/attachment.html>


More information about the BreachExchange mailing list