Customers may have had their credit card numbers, expiration dates and CVVs stolen.
Customers may have had their credit card numbers, expiration dates and CVVs stolen.

GameStop is investigating a possible payment card breach on the retailer's GameStop.com online store, according to published reports.

KrebsonSecurity is reporting that GameStop is looking into a breach after it received notice from a third party that some customer data was for sale online. KrebsonSecurity said word was received from two financial industry sources which had, in turn, been warned by a credit card processor that data was stolen between September 2016 and February 2017.

The breach may have exposed customer names, addresses, payment card numbers, expiration dates and CVV codes.

“If Brian Krebs' report is correct, the GameStop breach has the potential to be a huge payday for hackers. Compromised credit card numbers aren't always easy to monetize, but in this case hackers were able to intercept CVV2 numbers, which allow them to begin making fraudulent purchases immediately,” Vishal Gupta, Seclore CEO, told SC Media.

Other industry insiders noted that attacks such as this could signal a time when smaller retailers are simply unable to protect themselves from cyberthieves.

"You can imagine a future where attacks such as this become so sophisticated and frequent that no one but the largest retailers can afford to defend against them. This would give the Amazons and Walmarts of the world a real competitive advantage in winning consumers' business," John Gunn, CMO of VASCO Data Security.

GameStop has not yet responded to a SC Media request for confirmation of the incident.