Back in April we reported that GameStop customers may have been at risk of having their credit card and personal information stolen after a server breach. Krebs on Security received a statement from GameStop confirming that the breach had occurred, and yesterday GameStop customers all over the country received letters confirming that their information is at risk.
Videos by ComicBook.com
In the letter GameStop confirms that if you did any shopping on GameStop’s site from August 10, 2016 to February 9, 2017, there’s a good chance that your credit card info, name, and address is in someone else’s database somewhere. In a statement (via Kotaku), GameStop said the following:
“GameStop identified and addressed a potential security incident that was related to transactions made on GameStop’s website during a specific period of time. GameStop mailed notification letters to customers who made purchases during that time frame advising them of the incident and providing information on steps they can take.”
Not very specific, is it? GameStop’s statement back in April was actually a little more specific, and sheds a more revealing light on what happened:
“GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website. That day a leading security firm was engaged to investigate these claims. Gamestop has and will continue to work non-stop to address this report and take appropriate measures to eradicate any issue that may be identified.”
If you received a letter or did any shopping during that August-to-February stretch, then it’s time to take some precautionary measures. We know it’s a massive headache, but you may want to go ahead and freeze your current cards and order some new ones and, in the meantime, monitor your recent bank statements and scan for any weird charges, big or small.
GameStop continued: “We regret any concern this situation may cause for our customers. GameStop would like to remind its customers that it is always advisable to monitor payment card account statements for unauthorized charges. If you identify such a charge, report it immediately to the bank that issued the card because payment card network rules generally state that cardholders are not responsible for unauthorized charges that are timely reported.”
We think they meant to say, “We’re sorry.”
