NIS America hacked: Customer payment card data stolen, $5 off next purchase offered as apology gift
The breach took place sometime between 23 January and 26 February on NIS America's online stores.
Japanese gaming developer Nippon Ichi Software has revealed its American arm, NIS America, has suffered a major data breach compromising the personal and financial data of online customers. As an apology gift, the company is also offering codes for a $5 discount on customers' next purchase via their online stores as a "small token" to those impacted.
In an email sent out to affected customers last week, the company said the breach took place sometime between 23 January and 26 February on its online stores including store.nisamerica.com and snkonlinestore.com.
Hackers managed to access customers' payment card details and address information for any new orders placed and paid via credit card during this time frame. However, customers who placed orders using PayPal were not affected in the breach.
"On the morning of February 26th, we became aware of a malicious process that had attached itself to our checkout page," NIS America said in the email. "This process was being used as far back as January 23rd, 2018 to skim personal information provided by our customers during checkout after they placed an order at our store. Afterward, the malicious process would return the customer to the NIS America store page to complete their transaction.
"Transactions conducted in this manner were still successfully completed on the NIS America store pages. However, the payment information recorded by the malicious process could be used for fraudulent charges in the future."
The company noted that it does not store payment card information of customers who have user accounts on one of its stores.
"User accounts are used primarily to track past orders and gain reward points. Data for past orders is stored securely, and will only show the last four digits of a credit card, and will not show the CVV security code or expiration date," it noted.
NIS America said its store pages were immediately taken offline line to prevent any further breaches and scanned all its processes to determine "the exact point of entry as well as determine when this change occurred on our online stores".
"We have taken steps to solve the issue that resulted in this breach, along with several other steps to improve our site's security," the company said. "At this time, we can say that we have identified the issue, removed it from our website, and taken steps to prevent this issue from recurring, as well as added new security to our online stores."
It did not specify how many customers were affected in the breach or provide any further details on how the attack was carried out.
Customers have been advised to change their user account passwords, monitor their bank or credit card statements for any suspicious activity and watch out for fraudulent emails, texts, phone calls or dubious websites that request personal information.
"Our customers are our top priority, and it is our responsibility to provide a safe and secure environment for you to shop online with confidence," the company said. "We know that this issue and the steps needed to resolve it can be frustrating. We share these feelings, and we pledge to do our best to get this issue resolved, and prevent it from happening again.
"We would not be reopening our online stores if we did not feel confident that they are a safe place to shop. We are committed to earning back your trust and confidence, and we hope to have the opportunity to serve you again soon," the firm said, adding that codes for a $5 discount on online purchases will soon sent out to those impacted.
"We understand that this is a small token, but we hope it will show our commitment and appreciation of our customers as we begin to regain your trust."
IBTimes UK has reached out to NIS America for further comment.