The Packers were targeted by hackers, putting credit cards in danger

The Green Bay Packers, or more specifically, the team’s online store, has just fallen victim to hackers. Bad news? This means your credit card information may be at risk if you’ve recently made purchases from the official online store of an NFL team. Packers released data breach notificationnotifying its customers of the October hack. Here’s what we know.

Hackers managed to gain access to the store and inject a card skimmer script to steal payment and personal information. Affected data includes credit card types, expiration dates, numbers and verification numbers, which may expose customers to the risk of credit card fraud. The hackers also gained access to names, addresses and email addresses, says Computer beeping.

The NFL had already disabled all payment and checkout options after discovering the site had been hacked on Oct. 23. The Green Bay Packers have hired cybersecurity experts to investigate the incident and determine whether any customer information was accessed. The investigation revealed that personal and payment information was stolen between September and early October 2024.

“Based on a forensic investigation on December 20, 2024, we discovered that malicious code may have allowed an unauthorized third party to view or obtain certain customer information entered during checkout that used a limited set of payment options on the site. Pro Shop Website September 23-24, 2024 and October 3-23, 2024.”

There is some good news in all of this. If customers paid for their items using PayPal, Amazon Pay, a Pro Shop website account, or a gift card, their information was not affected. The NFL team also took action.

“We also immediately required the vendor who hosts and operates the Pro Shop website to remove the malicious code from the checkout page, update their passwords and confirm that there are no remaining vulnerabilities,” said Christa Jorgensen, Packers director of retail operations.

Sansec, a Dutch security company, notified the Packers of the breach. According to Sansec, the attackers used the JSONP callback (JSON with padding, which means a method that allows cross-domain requests) as well as YouTube’s oEmbed functions to bypass the Content Security Policy (CSP) and carry out their attack.

The Green Bay Packers offered three years of credit monitoring and identity theft recovery services to victims. If you purchased anything from the Packers online store between September and October 2024, be sure to check your credit card statements for fraudulent activity.

This isn’t the first time hackers have targeted the NFL. Several teams were attacked back in 2023, and a total of 15 NFL teams had their social media accounts hacked.