Evangelion Store Online Reports Credit Card Data Breach
posted on by Alex Mateo
Evangelion Store Online announced on Tuesday that its website had a credit card data breach, and 17,828 customers' credit card information was illegally accessed.
On July 12, credit card companies contacted the online store about concerns of a credit card data breach. The store removed the option for card payment on that day. At the same time, the store started an investigation with a third-party company. The investigation was completed on September 29, and it revealed that users' credit card information was leaked for purchases made between June 8, 2020 to June 30, 2021. In addition, some customers' credit cards were misused.
Compromised personal information includes: cardholder name, credit card number, expiration date, security code, login ID (email address), and password.
The store's payment application was tampered via unauthorized access by third party due to a vulnerability within the system operated by the company Groundworks. The store has reported unauthorized access to the Personal Information Protection Commission on September 6, and reported the damage to the police station in charge on October 5. The company will fully cooperate with the investigation.
The store apologized for the situation, as well as for waiting until now to announce the data breach, explaining that it was waiitng for the investigation results. The company will individually e-mail customers who may have had their personal information leaked with a notice and apology. The store is working with credit card companies to help customers receive reissued credit cards for free. It also warns customers to check their credit card statements for unauthorized transactions and unauthorized password usage on other websites.
The store is currently inaccessible, and it will reopen at a later date. The Yahoo! and Buyee stores are still open and were confirmed to be unaffected by the unauthorized access.