Big Fish Games is notifying an undisclosed number of customers that malware was installed on the billing and payment pages of its websites, and it appears to have intercepted customer payment information.
How many victims? Undisclosed. Big Fish Games did not immediately respond to a SCMagazine.com request for the information.
What type of personal information? Names, addresses and payment card information, including card numbers, expiration dates and CVV2 codes.
What happened? An unknown individual installed malware on the billing and payment pages of Big Fish Games' websites, and the malware appears to have intercepted customer payment information.
What was the response? Steps were taken to remove the malware and prevent it from being reinstalled. The incident has been reported to law enforcement. All impacted individuals are being notified, and offered a free year of identity protection services.
Details: Big Fish Games discovered the incident on Jan. 12. Information may have been affected if new payment details were entered on Big Fish Games' websites – rather than using a previously saved profile – for purchases between Dec. 24, 2014, and Jan. 8.
Source: oag.ca.gov, “BFG Multistate Notice,” Feb. 13, 2015.
UPDATE: In a Wednesday email correspondence, a Big Fish Games spokesperson told SCMagazine.com that the company is not providing information beyond what has been released.