Green Bay Packers, a professional American football team based in Wisconsin was subjected to a cyber attack compromising the credit card data of over 8,514 customers.
In an official 'Notice of Data Breach' statement, the popular National Football League (NFL) team revealed that a third-party threat actor breached security on the Green Bay Packers Pro Shop website.
“On October 23, 2024, we were alerted to the presence of malicious code inserted on the Pro Shop website by a third-party threat actor,” the statement noted.
While, immediate actions were taken to secure the system and alert parties affected, the malicious code may have allowed unauthorised access to third parties.
Green Bay Packers Data Breach Impact
Green Bay Packers discovered the impact of the cybersecurity breach on December 20, 2024, when a third party viewed or acquired certain customer information entered at the checkout.
The Pro Shop checkout only provided restricted payment methods due to which the retailer was alerted. They temporarily disabled all payment and checkout capabilities on the Pro Shop website between September 23 to 24 last year.
The NFL team emphasised that purchases on the Pro Shop website made using a gift card, Pro Shop website account, Paypal, or Amazon Pay between October 3 to 23, 2024 were not impacted by the malicious code.
The Pro Shop retailer has now sought the help of external cybersecurity experts to assist with the security breach investigations.
Further investigations will aim to “determine what, if any, customer information may have been affected,” the statement noted.
“We also immediately required the vendor that hosts and manages the Pro Shop website to remove the malicious code from the checkout page, refresh its passwords, and confirm there were no remaining vulnerabilities.”
Other information that might have been compromised in the Green Bay Packers cyber attack could be specific information entered by customers on the Pro Shop website when making a purchase.
In addition to credit card details including types, expiry date, and verification number, this information likely also comprised customer names, addresses (billing and shipping), and email addresses.
“If you made purchases on the Pro Shop website using a gift card, Pro Shop website account, Paypal, or Amazon Pay, your information was not affected by this malicious code,” stressed the football league team’s statement.
Also Read: Casio Cyber Attack Exposed Data of 8500 People
Cyber Attack Protocol
Green Bay Packers national football team’s retailers carried out measures to secure their networks and prevent any more damage to its credibility and security.
Federal Trade Commission (FTC) in the US guidelines for businesses recommends first acting quickly to secure their systems and fix vulnerabilities that may have caused the security breach.
It recommends seeking advice from forensic experts and law enforcement regarding a reasonable time to resume regular operations.
In addition to undertaking comprehensive investigations following the data breach, the FTC recommends consulting with legal counsel.
“Talk to your legal counsel,” the organisation stated. “Then, you may consider hiring outside legal counsel with privacy and data security expertise. They can advise you on federal and state laws that may be implicated by a breach.”
Following remediate actions, businesses must inform affected parties and law enforcement. If the data stolen involves a Social Security Number, the businesses are required to issue a model letter to notify potential victims.
Read: UN Agency Investigating Security Breach After Hacker Claims Data Theft
Also Read: Taiwan Cyber Attacks Doubled in 2024, Report Cites Chinese Cyber Force
