JAPANESE GAMES DEVELOPER Nippon Ichi Software (NIS) has suffered a major data breach and is offering customers, er, $5 as compensation.
In an email sent to customers last week, NIS admitted that its American arm had fallen victim to a breach compromising the personal and financial data of its online customers.
Hello everyone, you may have received an email regarding a data breach of the NISA Online Store. This is a valid and legitimate email. Please stand by as we work on resolving the issue. Thank you for your patience and understanding!
— NIS America, Inc. (@NISAmerica) March 1, 2018
While it’s unclear how many customers have been affected, NIS has confirmed that the breach took place between 3 January and 26 February and affected two of its online stores, which have since been taken offline.
However, during that time frame, hackers were able to make off with customers payment card details, email address and address information, although NIS has said that those who ordered using PayPal have not been affected.
“On the morning of February 26th, we became aware of a malicious process that had attached itself to our checkout page,” NIS America said in the email.
“This process was being used as far back as January 23rd, 2018 to skim personal information provided by our customers during checkout after they placed an order at our store. Afterward, the malicious process would return the customer to the NIS America store page to complete their transaction.
NIS noted that it does not store customers’ payment card information and that user accounts are used “primarily to track past orders and gain rewards points.”
Data for past orders is stored securely, and will only show the last four digits of a credit card, and will not show the CVV security code or expiration date,” NIS said.
NIS is recommending, naturally, that all customers change their passwords immediately and check their card statements for any suspicious activity.
It’s also offering customers a measly $5 discount on their next purchase, rather than, y’know, credit monitoring or identity theft insurance. µ
Source : Inquirer