Hackers have breached the billing and payment pages of BigFish Games and stolen sensitive information, according to the company’s notification letter published on 11 February 2015.
BigFish Games, founded in 2002, is ranked 1,589 in the United States and 2,817 globally, according to Alexa.
The hackers intercepted the customer payment information and might have stolen information that included customer name, address, payment card information, card number, expiry date, and CVV2 (card verification value) code, said the letter.
Anyone with CVV2 information can perform online transactions. The code behind the card is a check against online malpractices and requires physical possession of the card to complete an online transaction besides verifying the card number. PCI DSS (Payment Card Industry Data Security Standard) recommends against storing the CVV information on their infrastructure as a safety measure.
The company also informed that the breach would have affected any new information that was added between December 24, 2014 and January 8, 2015 only and the customers using card data already stored in their profile remained unaffected.
The fraud was discovered by the company’s administrative team and they have plugged it as well. Additionally, the law enforcement authorities have been informed about it; credit reporting agencies and payment card networks have been alerted too.
The company has offered the affected members with free one year subscription to an identity protection service.
“We are offering a complimentary one-year membership to Experian’s ProtectMyIDÒ Alert. This product helps detect possible misuse of your personal information and provides you with superior identity protection support focused on immediate identification and resolution of identity theft,” said Ian Hurlock-Jones, CTO at BigFish Games, in the letter.