Breach Notification , Incident & Breach Response , Security Operations
Seattle Game Producer Reports Breach
Payment Card Details Compromised Via MalwareBig Fish, a Seattle-based online game producer and distributor, is notifying an undisclosed number of customers that their payment card information may have been compromised following a malware intrusion.
See Also: Cyber Insurance Assessment Readiness Checklist
The company became aware of the incident on Jan. 12, according to a copy of their breach notification, which was provided to the California Attorney General's Office. "An unknown criminal installed malware on the billing and payment pages of our websites that appears to have intercepted customer payment information," says Ian Hurlock-Jones, the company's chief technology officer.
Customers who entered new payment details on Big Fish's websites, "rather than using a previously saved profile," for purchases between Dec. 24, 2014 and Jan. 8 may have been affected.
Information that may have been exposed includes names, addresses, payment card numbers, expiration dates and CVV2 codes, Big Fish says.
"We have taken the necessary steps to remove the malware and prevent it from being reinstalled," Hurlock-Jones says. The company has reported the breach to law enforcement, as well as credit reporting agencies and payment card networks.
Affected customers are being offered free credit monitoring and identity theft protection services for one year through Experian.
Big Fish did not immediately respond to a request for additional information.