Customers who have made a purchase at Blowout Cards this year using a credit card should keep a close eye on their account and their credit reports.
The online trading card seller has notified customers of a security breach that may have compromised names, addresses, email addresses, phone numbers, credit or debit card numbers, card expiration dates, and card verification codes of those who used its online shopping cart from January through last Thursday, April 20. They say the security breach was limited to credit and debit card customers and that PayPal transactions were not affected.
Topps’ online store was hit with a similar security breach late last year.
When the situation was discovered last week, Sterling, Va-based Blowout and its parent company Frontline Collectibles, launched an investigation and discovered a modified payment .php file which allowed hackers to skim credit card/debit card information as customers checked out.
The malicious code was removed and steps have been taken to close the vulnerability, according to a notice Blowout posted on its website. They’ve hired a third-party data security company to implement additional security measures. Potential victims were notified by email. Two customers posted in the Blowout forums that they noticed fraudulent charges on their credit cards on Wednesday, April 19 and others then reported similar experiences.
“We deeply regret that this has incident has occurred and we sincerely apologize,” the security alert reads. “In the coming weeks, we look forward to communicating with you again full details on what we are doing to ensure the safety of your information and what steps we are taking to prevent this from happening again in the future.”
If you purchased anything from Blowout this year and used a credit card rather than PayPal, the company has listed some recommended steps to take, even if you haven’t noticed any fraudulent charges thus far.