Green Bay Packers Pro Shop Breach Exposes Credit Card Details of 8500 Fans

The Green Bay Packers breach has disclosed a significant cybersecurity incident affecting their online Pro Shop, where cybercriminals successfully stole credit card information from over 8,500 customers during a breach in September 2024.

In breach notification letters sent to affected individuals, the National Football League (NFL) team revealed that they immediately disabled all checkout and payment capabilities after detecting the security compromise on October 23. The investigation discovered that attackers had injected a credit card stealer into the store's checkout page to harvest personal and payment information.

The breach specifically impacted customer information entered on the Pro Shop website's checkout between September 23-24 and October 3-23, 2024. Stolen data potentially included names, billing and shipping addresses, email addresses, credit card types and numbers, card expiration dates, and credit card verification numbers (CVVs).

Fortunately, the Packers noted that payments made using gift cards, Pro Shop website accounts, PayPal, or Amazon Pay were not affected by the breach. The organization immediately worked with their website vendor to remove the malicious code, refresh passwords, and confirm no remaining vulnerabilities existed.

While the exact method of intrusion remains undisclosed, cybersecurity firm Sansec reported that the card skimming attack utilized YouTube's oEmbed feature and a JSONP callback to bypass content security protocols. The malicious script harvested data from input fields and exfiltrated captured information to an external server.

In response to the breach, the Packers are offering affected customers three years of complimentary identity theft restoration and credit monitoring services through Experian. They strongly advise customers to closely monitor their account statements for any suspicious activity and report potential fraud to their bank, the Federal Trade Commission, and state authorities.

This incident underscores the ongoing cybersecurity challenges faced by organizations in protecting customer financial information in an increasingly digital marketplace.

Found this article interesting? Keep visit thesecmaster.com, and our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium, and Instagram and subscribe to receive tips like this. 

You may also like these articles: Here are the 5 most contextually relevant blog posts: