The Green Bay Packers recently informed customers of a breach involving their online shopping website, the Pro Shop. Hackers inserted malicious code into the site that allowed them to steal payment information from customers. The breach was discovered on October 23, 2024, prompting the team to immediately shut down the payment and checkout features while initiating an investigation. The Packers hired an external cybersecurity firm to determine whether customer data had been compromised.
According to the Packers’ notification, the malicious code affected a limited set of payment options on the Pro Shop site between September 23-24 and October 3-23, 2024. The breach was confirmed on December 20, 2024, after a forensic investigation revealed that hackers may have accessed customer information entered during the checkout process during that time frame.
The breach affected a total of 8,514 individuals, and the team informed various states, including Maine, Texas, Vermont, and Massachusetts, about the incident. The stolen data included names, billing and shipping addresses, credit card numbers, expiration dates, CVV codes, and credit card types. However, customers who used gift cards, PayPal, or Amazon Pay were not impacted by the malicious code.
After discovering the breach, the Packers removed the malicious code from the checkout page, and all customers with accounts on the site were required to reset their passwords. As a response to the breach, the team offered affected customers three years of credit monitoring and identity theft protection through Experian.
The Packers also worked with cybersecurity experts and their website vendor to contain and address the incident. They reassured customers that no other platforms, such as team-related apps or social media accounts, had been impacted by the breach. The Packers did not provide details on whether the hackers behind the attack were identified.
Dutch cybersecurity firm Sansec alerted the Green Bay Packers to the breach, and they were the ones who identified the malicious code on the website. Sansec is well known for tracking online attacks, including e-skimming, which involves hackers embedding tools into e-commerce websites to steal payment information during transactions.
E-skimming attacks have been a persistent problem for many online retailers, and they have been widely used by cybercriminals. In a report by Recorded Future, it was revealed that over 3,700 e-commerce websites were infected with e-skimming malware in July 2024 alone, underscoring the widespread nature of such attacks.
While the Packers have taken steps to resolve the cybersecurity issue, including removing the malicious code and offering credit protection services, the breach highlights the ongoing risks of online shopping, especially with regard to payment information security.
