Blowout Cards, a site for the buying, selling and trading of sports and other types of cards, suffered a breach, according to a report on Data Breach Today.
Notices are being sent out alerting customers that an attacker breached its systems and may have stolen "names, addresses, email addresses, phone numbers, credit or debit card numbers, card expiration dates, and card verification codes for customers who checked out via our website shopping cart in January 2017 through April 20th, 2017."
Some customers have been reporting card fraud.
Blowout Cards, owned by Sterling, Va.-based Frontline Collectibles, issued the notice four days after learning of the breach. It said it initiated an investigation and hired a third-party digital forensic firm.
The company said "an exploit in the form of a modified payment .php file was uncovered which allowed the intruder(s) to skim credit card/debit card information as customers checked out via our website."
The code was expunged from its site, it reported, and mitigated the flaw targeted by the attacker.
The number of customers affected was not revealed.
Blowout Cards apologized for the compromise and advised customers to report any suspect charges on their card statements to the provider.