Four online sporting goods sites have found that 1,813,224 customers’ credit cards were stolen in a cyber attack.
Not much is known about this attack, but a law firm representing four websites said that credit card information, including personal information and the full name of the CVV, was stolen on October 1, 2021.
The affected websites are listed below.
- Tackle Warehouse LLC (tacklewarehouse.com) – Fishing gear
- Running Warehouse LLC (runningwarehouse.com) – Running Warehouse
- Tennis Warehouse LCC (tennis-warehouse.com) – Tennis Warehouse
- Skate Warehouse LLC (skatewarehouse.com) – Skateboarding and skatewear
These sites first learned of the information breach on October 15, and after an investigation confirmed the fact that payment information had been stolen on November 29.
The information leaked in this incident is as follows.
- Customer’s name
- Financial institution account number
- Credit card number with CVV
- Debit card number with CVV
- Website account password
After the investigation was completed, the websites notified the affected individuals on December 16, 2021.
None of the published notices to affected customers provide any details about the nature of the incident, so the actual means of obtaining the data remains unknown.
But since the description says “intrusion into an external system (hacking)”, it seems more like a database intrusion than a card skimmer embedded in a website, but either scenario is possible.
In any case, if you have purchased anything from these four websites, you should treat incoming communications with caution, monitor your bank account and credit card statements, and report any suspicious transactions immediately.
Tackle Warehouse is aware of this incident and has taken action. We reported the incident to the payment card brands to prevent fraudulent activity on the affected accounts
We also reported it to law enforcement and worked closely with a digital forensics company to enhance the security of our site to promote safe and secure transactions
Unfortunately, we do not provide identity protection services to the affected customers, even though the compromised data is highly sensitive information.
We have reached out to all affected companies to learn more about this attack, but there has been no response.