Breach, Data Security, Network Security

Data blowout at Blowout Cards

Blowout Cards, a site for the buying, selling and trading of sports and other types of cards, suffered a breach, according to a report on Data Breach Today.

Notices are being sent out alerting customers that an attacker breached its systems and may have stolen "names, addresses, email addresses, phone numbers, credit or debit card numbers, card expiration dates, and card verification codes for customers who checked out via our website shopping cart in January 2017 through April 20th, 2017."

Some customers have been reporting card fraud.

Blowout Cards, owned by Sterling, Va.-based Frontline Collectibles, issued the notice four days after learning of the breach. It said it initiated an investigation and hired a third-party digital forensic firm.

The company said "an exploit in the form of a modified payment .php file was uncovered which allowed the intruder(s) to skim credit card/debit card information as customers checked out via our website."

The code was expunged from its site, it reported, and mitigated the flaw targeted by the attacker.

The number of customers affected was not revealed.

Blowout Cards apologized for the compromise and advised customers to report any suspect charges on their card statements to the provider.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.