GameStop investigating possible security breach, customers' credit card and personal data at risk

GameStop is currently investigating a possible security breach that may have compromised its online customers' credit card and personal information. The video game retailer confirmed it was notified by a third party that believed payment card data from cards used on GameStop.com was recently listed for sale on a website.

In a security update posted on its website, GameStop said these claims are currently being investigated and advised customers to monitor their bank statements for any suspicious unauthorised charges.

"The security of our customers' payment card data remains a top priority," the company said. "GameStop has and will continue to work non-stop to address this report and take appropriate measures to eradicate any issue that may be identified."

GameStop did not specify when the alleged cyberattack occurred, how many customers were possibly affected or what information may have been stolen in the breach.

"We regret any concern this situation may cause for our customers... If you identify such a charge, report it immediately to the bank that issued the card because payment card network rules generally state that cardholders are not responsible for unauthorized charges that are timely reported."

Citing two sources in the financial industry, KrebsOnSecurity reports GameStop's website was likely hacked between mid-September 2016 and the first week of February 2017. Customers' compromised data may include names, addresses, customer card number, expiration date and the three-digit card verification values (CVV) usually found on the back of payment cards.

"Online merchants are not supposed to store CVV2 codes, but hackers can steal the codes by placing malicious software on a company's e-commerce site, so that the data is copied and recorded by the intruders before it is encrypted and transmitted to be processed," KrebsOnSecurity reports.

"GameStop would not comment on the possible timeframe of the suspected breach, or say what types of customer data might be impacted." The security site noted there is currently no evidence that GameStop's retail store locations were affected.

If the alleged breach did occur, it could be a significant security breach given the fact that it reportedly occurred during the holiday season.

News of the cyberattack comes as GameStop continues to face stiff competition from major retailers such as Amazon, Walmart and BestBuy as customers increasingly shift towards online shopping and digital downloads. After reporting disappointing fourth-quarter sales, the Texas-based retailer announced plans to close more than 150 "non-productive" stores of its 7,500 locations worldwide.

GameStop blamed the significant slump on "weak sales of certain AAA titles" during the crucial holiday season, "aggressive console promotions" by other retail rivals on Thanksgiving and Black Friday.