Topps Website Attacked for a Second Time
If you used your credit card to buy something from the Topps website over the past few months, your credit card information may have been compromised.
Recently, the company sent out a notice to potentially impacted customers. Those at risk made a purchase between November 19, 2018 and January 9, 2019. It was during this time that hackers gained access to personal information. Names, credit and debit card numbers, expiration dates and security codes all could have been compromised. Mailing addresses, phone numbers and email addresses were also at risk. It does not appear that those who used PayPal were affected.
BleepingComputer outlines how this appears to have been a ‘MageCart’ attack and how it works.
Since becoming aware of the issue on December 26, 2018, Topps had an outside company do a security audit of their site. They have also removed the malicious code and upgraded their site.
If did make a purchase at the time of the breach, be sure to look at credit card statements for any suspicious purchases. You can also contact your bank or credit card company. In a statement that was sent to customers, Topps also recommended contacting credit reporting agencies. The statement outlines exactly how to do so.
This is not the first data breach for the Topps website. Something similar happened in 2016. The attack took place sometime between July 30 and October 12 with the company notifying customers shortly after Christmas. PayPal users were not at risk then, either.