Green Bay Packers online store used to steal fan credit card details

A person holding a credit card in one hand while typing on a laptop keyboard with the other.

(Image credit: Shutterstock / Kostenko Maxim)

Green Bay Packers has notified customers of an October 2024 incident
The threat actors installed a skimmer on the team's online store
An unknown number of people lost their credit card information

Fans of the Green Bay Packers NFL team looking to buy merch from the team’s ecommerce site may have had their sensitive data stolen, including payment information, the team has revealed.

I a data breach notification letter sent out to affected customers, the team spotted malicious code inserted in the Pro Shop website on October 23, and temporarily disabled all payment and checkout capabilities. It then brought in third-party cybersecurity experts to investigate, who determined an unknown threat actor had deployed a skimmer on the checkout page, which was active across September 23 and 24, and October 3 - 24.

On those days, the crooks managed to steal people’s names, addresses (both billing and shipping), email addresses, credit card types, credit card numbers, credit card expiration dates, and credit card verification numbers. More than enough to run wire fraud, identity theft, phishing, and more.

Contained and remedied

Purchases on the Pro Shop website that were made using a gift card, Pro Shop website account, PayPal, or Amazon Pay, were not affected, the company confirmed.

The incident has since been contained and remedied, Green Bay Packers said, adding its IT team, together with third-party cybersecurity experts, made sure the shop was now secure. “We also worked with our vendors that host and manage the Pro Shop website to confirm enhancements to their security protocols,” it said.

Customers are being offered 36 months of free credit monitoring and identity theft restoration services through Experian, but they will have to enroll themselves, since Green Bay Packers cannot activate the service on their behalf.

We don’t know exactly how many people might have been affected by this attack, and there is currently no information of the stolen data being misused anywhere on the dark web.

Ecommerce sites targeted by Magento payment system hack
Here's a list of the best antivirus tools on offer
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.