Hackers gained access to Topps’ website during the summer and early fall, possibly compromising customer information.
On Wednesday, the company sent out an email to those who may have been affected by the security breach (see below). Topps stated it became aware on October 12 of thus year that “one or more intruders gained unauthorized access to its website.”
Topps Security Breach: What Was Compromised
Customer names, addresses, email addresses, phone numbers, credit or debit card numbers, card expiration dates and verification numbers may have been stolen as buyers placed orders for merchandise on the site as early as July 30. Customers who used PayPal are not believed to have been affected by the breach.
After learning of the situation, Topps says it worked with an online security company, its web developer and hosting company to address the issues.
While the majority of collectors who entered their information may not be impacted, some say their credit card numbers have been used to make fraudulent purchases after they had ordered cards through the Topps NOW platform. After reporting those phony charges, the credit card companies deactivated the credit cards and issued new ones.
Online security breaches aren’t new, with even retail giants impacted over the last several years as hacking attempts become more commonplace and sophisticated. As other companies have done, Topps is offering a year’s worth of identity theft protection to those who may have been impacted by the breach. They also encouraged customers to watch their credit card statements for any fraudulent charges.
Notice from Topps to Customers
Here’s how the company reported the issue.