Customers who shopped at the company’s website between July 30 and October 12 of 2016 may be affected.
Trading card maker Topps recently began notifying an undisclosed number of customers that their names, email addresses, mailing addresses, phone numbers, credit or debit card numbers, expiration dates and verification numbers may have been stolen by “one or more intruders” last fall.
Any customers who placed orders through the Topps website between July 30, 2016 and October 12, 2016 may be affected.
“Once we became aware of this incident, we engaged a security firm to examine our network, and we worked with the security firm, as well as our website development and hosting companies to implement multiple measures to strenghten the security of our system,” Topps stated in its notification letter [PDF] to those affected.
“We stopped the incident and continue to work with our security firm to help prevent a similar incident from happening again,” the company added.
All those affected are being offered one year of free access to identity theft protection services from CSID.
BBC News notes that security researcher Chris Vickery uncovered vulnerabilities in Topps databases back in December of 2015 and June of 2016, but he wasn’t able to get a response from the company by email. It’s not clear whether the credit card breach was related to the flaws Vickery found.
A recent Thales e-Security survey of 1,016 U.S. adults found that fully 88 percent of respondents said they would stop using digital payments if they fell victim to cybercrime as a result of a data breach.
Seventy percent said they would stop using digital payments if money was stolen from a linked bank account, 68 percent said they would do so if unauthorized charges appeared on a linked credit card account, and 59 percent said they would do so if their user name and password were stolen.
“The mobile payments industry needs to take note that their future success is based on trust,” Thales e-Security director of payment strategy Jose Diaz said in a statement. “And that trust can easily fail if they do not provide the strong protection of their infrastructure, transactions and data that customers expect.”
A separate Thales survey of 1,000 adults in the U.S. and the U.K. recently found that 55 percent of respondents would switch to only using cash at a retailer if they learned that credit card data had been stolen from its systems — and 20 percent would stop shopping at that retailer altogether.