Breach Notification , Breach Response , Data Breach

Seattle Game Producer Reports Breach

Payment Card Details Compromised Via Malware
Seattle Game Producer Reports Breach

Big Fish, a Seattle-based online game producer and distributor, is notifying an undisclosed number of customers that their payment card information may have been compromised following a malware intrusion.

See Also: Effective Cyber Threat Hunting Requires an Actor and Incident Centric Approach

The company became aware of the incident on Jan. 12, according to a copy of their breach notification, which was provided to the California Attorney General's Office. "An unknown criminal installed malware on the billing and payment pages of our websites that appears to have intercepted customer payment information," says Ian Hurlock-Jones, the company's chief technology officer.

Customers who entered new payment details on Big Fish's websites, "rather than using a previously saved profile," for purchases between Dec. 24, 2014 and Jan. 8 may have been affected.

Information that may have been exposed includes names, addresses, payment card numbers, expiration dates and CVV2 codes, Big Fish says.

"We have taken the necessary steps to remove the malware and prevent it from being reinstalled," Hurlock-Jones says. The company has reported the breach to law enforcement, as well as credit reporting agencies and payment card networks.

Affected customers are being offered free credit monitoring and identity theft protection services for one year through Experian.

Big Fish did not immediately respond to a request for additional information.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network