Hacker stole customer data from U.S. rugby team Green Bay Packers' merchandise website

Professional American rugby team Green Bay Packers, which competes in the National Football League, has announced that it suffered a cyber security incident in October that compromised the financial information of around 8,500 fans.

 

In a data breach notice filed with the Office of Maine Attorney General, Green Bay Packers said that on October 23, it was notified that a threat actor had inserted malicious code into its Pro Shop website. The rugby club immediately launched an investigation, with assistance from external cyber security experts, to determine the scope of the incident.

 

As a precaution, it also temporarily disabled all payment and checkout options on the Pro Shop website and asked the “vendor that hosts and manages the Pro Shop website to remove the malicious code from the checkout page, refresh its passwords, and confirm there were no remaining vulnerabilities.”

 

“Based on the results of the forensic investigation, on December 20, 2024, we discovered that the malicious code may have allowed an unauthorised third party to view or acquire certain customer information entered at the checkout that used a limited set of payment options on the Pro Shop website between September 23-24, 2024 and October 3-23, 2024,” the club said.

 

It said the unauthorised third party gained access to customer data that included names, billing and shipping addresses, email addresses, credit card type, credit card numbers, credit card expiration dates, and credit card verification numbers.

 

The club’s filing with the Maine state regulator also revealed that at least 8,514 individuals were impacted by the incident.

 

Green Bay Packers have, however, confirmed that purchases on the Pro Shop website using gift cards, Pro Shop website accounts, Paypals, or Amazon Pay modes were not affected by this malicious code.

 

The football team has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities. It has also offered three complimentary identity protection and credit monitoring services through Experian all affected individuals.