The Green Bay Packers’ online store was recently targeted by hackers, potentially compromising the credit card information of customers who shopped there between September and October 2024. This data breach has raised concerns about the security of online transactions and the potential for credit card fraud.
Green Bay Packers helmet and logo.
The Packers issued a data breach notification, informing customers about the October 2024 cyberattack. Hackers injected a card skimmer script into the online store’s checkout process, enabling them to steal sensitive payment and personal information. Compromised data includes credit card types, numbers, expiration dates, and verification codes, putting affected customers at risk of fraudulent activity. According to Bleeping Computer, hackers also gained access to customer names, addresses, and email addresses.
Timeline and Investigation
Upon discovering the compromise on October 23, 2024, the Packers immediately disabled all payment and checkout functionalities on their online store. Cybersecurity experts were brought in to investigate the incident and determine the extent of the data breach. Their investigation revealed that personal and payment information was stolen between September 23-24 and October 3-23, 2024. The Packers officially confirmed this on December 20, 2024.
Affected Payment Methods
The data breach primarily affected customers who used specific payment options on the Pro Shop website during the specified timeframe. Fortunately, those who used PayPal, Amazon Pay, a Pro Shop website account, or a gift card were not affected.
Jordan Love, the quarterback of the Green Bay Packers.
Packers’ Response and Remediation
The Packers took immediate action to address the security breach. They instructed the vendor responsible for hosting and managing the Pro Shop website to remove the malicious code, refresh passwords, and verify the absence of further vulnerabilities. Chrysta Jorgensen, the Packers’ director of retail operations, affirmed their commitment to resolving the issue. The Dutch security company, Sansec, initially alerted the Packers to the breach. According to Sansec, the attackers exploited a JSONP callback and YouTube’s oEmbed features to bypass the Content Security Policy (CSP) and execute the attack.
Recommendations for Affected Customers
The Green Bay Packers are offering three years of credit monitoring and identity theft restoration services to affected customers. It’s strongly recommended that anyone who made purchases on the Packers’ online store between September and October 2024 carefully monitor their credit card statements for any unauthorized activity.
NFL Cybersecurity Concerns
This incident highlights ongoing cybersecurity concerns within the NFL. In 2023, several teams experienced similar attacks, with 15 teams suffering social media account breaches. These recurring incidents underscore the need for heightened security measures to protect sensitive data and maintain customer trust.
