Hackers have reportedly hit iconic collectable trading cards manufacturing firm Topps. The company's popular products include Star Wars, Disney's Frozen, Top Gear and the UEFA champion league. The firm reportedly believes that hackers may have gained access to users' sensitive personal and financial information.
The data breach occurred earlier in the year and likely saw hackers making away with user information, including debit and credit card data. Topps told BBC that the security vulnerability has been fixed. The firm is also offering customers one year worth of free identity theft protection.
Topps sent out email notifications to customers in October, which read, "[They] may have gained access to names, addresses, email addresses, phone numbers, credit or debit card numbers, card expiration dates and card verification numbers for customers [who made purchases] between approximately 30 July 2016 and 12 October 2016."
"The really unforgivable aspect here is the loss of credit card details," said cyber-security expert Prof Alan Woodward from Surrey University."If this was an external attack, these details just should not be accessible or readable. An obvious question is, 'was the customers financial data encrypted?' If not that should attract some heavy attention from the appropriate regulators."
2016 has seen epic data breaches, many of which saw sensitive user data stolen and later leaked on underground hacker forums or dark web marketplaces, which listed the stolen records for sale. The shocking 1bn Yahoo hack shook the tech sector. Alarmingly, InfoArmour researcher Andrew Komarov claimed to have uncovered that the entire batch of stolen Yahoo accounts have already been sold on the dark web by Eastern European hacker group called "Group E", for roughly $300,000.
Topps is yet to clarify details of the hack. The firm has not yet confirmed how many users may have been affected by the breach or how and why users' payment card details were at risk. It is still uncertain if any of the potentially stolen data have been leaked online. The identity and location of the attackers also remains a mystery.