According to cybersecurity expert Brian Krebs, GameStop is investigating reports of a security breach that resulted in customer credit card information being compromised. In addition to credit card numbers, expiration dates, and addresses, hackers were reportedly able to obtain CVV2 information, as well. It's unclear at this point how hackers obtained the CVV2 codes, but it's possible that the intruders were able to copy the data before it was encrypted and transmitted it by placing malicious software on a company’s e-commerce site.
In a statement to KrebsOnSecurity, a company spokesperson released the following:
GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website. That day a leading security firm was engaged to investigate these claims. GameStop has and will continue to work non-stop to address this report and take appropriate measures to eradicate any issue that may be identified.
According to Krebs, two sources close to the investigation say that they have received alerts from a credit card processor stating that Gamestop.com was likely compromised by intruders between mid-September 2016 and the first week of February 2017. If you’ve shopped at GameSpot.com during that timeframe it would be a good idea to keep a close eye on your credit and debit card statements for unauthorized activity.