Four affiliate online sports equipment sites revealed a cyberattack in which malicious actors stole the credit cards of 1,813,224 customers.
While not much is known about the attack, a law firm representing the four websites said personal details and credit card information, including the full CVV, had been stolen on October 1, 2021.
The affected websites are:
The sites first learned of the violation on October 15, and after an investigation confirmed on November 29 customers who had their payment information stolen.
The details that were compromised as a result of this incident are as follows:
- Full Name
- Financial account number
- Credit card number (with CVV)
- Debit card number (with CVV)
- Website account password
After the investigation was concluded, the websites sent notices to those affected on December 16, 2021.
None of the notices issued to affected customers provide details of the nature of the incident, so the actual means of obtaining the data remains unknown.
However, as the description says, “external system violation (hack)”, this appears to be akin to a database violation rather than implanting card skimmers on websites, although both scenarios are probable.
Either way, if you have purchased anything from these four websites, you should treat incoming communications vigilantly, monitor your bank and credit card statements, and immediately report any suspicious transactions.
âUpon learning of the incident, Tackle Warehouse took the actions referenced above. We also reported the incident to payment card brands in an effort to prevent fraudulent activity on affected accounts, âread Tackle’s customer notification letter.
“We also reported the incident to law enforcement and worked closely with the digital forensics firm to improve the security of our sites to facilitate safe and secure transactions.”
Unfortunately, affected customers were not offered an identity protection service this time around, even though the compromised data is extremely sensitive information.
We have contacted all affected entities to learn more about the attack, and will update this post as soon as we receive a response.