HomeCII/OTGreen Bay Packers Fans Targeted by Online Payment Skimmer

Green Bay Packers Fans Targeted by Online Payment Skimmer

Published on

spot_img

Fans of the Green Bay Packers football franchise were left reeling after a recent data breach resulted in a payment-card skimmer compromising the personal data of customers who made purchases on the Packers Pro Shop website last fall.

The breach, affecting approximately 8,514 individuals, was discovered on Oct. 23 as the team was preparing to take on the Jacksonville Jaguars in Week 8 of the 2024 season. The malicious code was detected on the Pro Shop website by the team’s security staff, prompting an immediate response to shut down the e-commerce site.

According to the notification letter sent to those impacted, the skimmer was active during two specific periods: between Sept. 23-24 and Oct. 3-23, 2024. Fortunately, customers who used alternative payment methods such as gift cards, a Pro Shop website account, PayPal, or Amazon Pay were not affected. However, for those whose information was compromised, names, addresses (billing and shipping), emails, and full payment-card details were obtained by cybercriminals.

An analysis conducted by Sansec, a Dutch e-commerce security company, revealed that the threat actors behind the attack exploited a JSONP callback and YouTube’s oEmbed feature to inject a script from https://js-stats.com/getInjector, allowing them to harvest information entered on the Pro Shop website.

While the perpetrators behind the breach remain unidentified, the incident bears the hallmark of a classic Magecart attack, a term used to describe groups that steal credit card information by injecting malicious code into e-commerce websites. These types of attacks have been increasingly prevalent, with various groups beyond the traditional Magecart actors engaging in similar tactics.

Javvad Malik, lead security awareness advocate at KnowBe4, highlighted the challenges posed by these attacks, emphasizing the need for vigilance and adherence to security protocols. He noted that the rise in skimmer attacks could be attributed to the ease of compromising third-party components within e-commerce platforms, making them vulnerable to exploitation.

Moving forward, efforts to combat digital skimming will require a multi-faceted approach, balancing security measures with the need for business agility and a seamless user experience. Organizations, including sports franchises like the Green Bay Packers, must prioritize security and implement robust measures to safeguard customer data.

Despite the ongoing threat posed by payment skimmers, experts stress the importance of integrating security practices into the core operations of businesses. By adopting a proactive approach that includes regular security audits, real-time monitoring, and comprehensive employee training, organizations can mitigate the risks associated with cyberattacks.

As the investigation into the Packers Pro Shop data breach continues, it serves as a stark reminder of the evolving threat landscape facing e-commerce platforms and the critical need for robust cybersecurity measures to protect customer information.

Source link

Latest articles

Unlocking automation within IT security and IT operations

The proliferation of endpoints in today's enterprises is presenting challenges for IT operations and...

Fortified Health Security publishes 2025 Healthcare Cybersecurity Report

Fortified Health Security, a leading managed security services provider specializing in healthcare cybersecurity, recently...

Google Sign On Unlocks Services for Abandoned Online Domains

In a recent development, a security researcher uncovered a critical security flaw involving the...

HP Police to establish state-of-the-art laboratory for combating cybercrime

The Himachal Pradesh Police is taking proactive measures to tackle the rising cases of...

More like this

Unlocking automation within IT security and IT operations

The proliferation of endpoints in today's enterprises is presenting challenges for IT operations and...

Fortified Health Security publishes 2025 Healthcare Cybersecurity Report

Fortified Health Security, a leading managed security services provider specializing in healthcare cybersecurity, recently...

Google Sign On Unlocks Services for Abandoned Online Domains

In a recent development, a security researcher uncovered a critical security flaw involving the...