Green Bay Packers Online Store Hack Exposes Credit Card Data of 8,500+ Customers

Green Bay Packers Online Store Hack Exposes Credit Card Data of Over 8,500 Customers

The Green Bay Packers, one of the most well-known NFL teams, has confirmed a significant data breach involving its online store, PackersProShop.com. The breach, which occurred between September 23, 2024, and October 23, 2024, compromised the personal and financial details of over 8,500 customers. This incident, attributed to malicious code injected into the website, exposed sensitive information, including credit card details, shipping addresses, and email addresses.

Breach Timeline and Discovery

The malicious code was first detected on October 23, 2024, when the Packers' IT team was alerted to an external system breach. Upon discovering the attack, the Packers immediately disabled the payment and checkout functions of the website to prevent further damage. After a thorough investigation with cybersecurity experts, it was determined that the breach may have been ongoing between September 23-24, 2024, and October 3-23, 2024.

What Data Was Compromised?

The breach allowed cybercriminals to acquire the following information from customers who used certain payment methods on the Pro Shop website:

• Names
• Shipping and Billing Addresses
• Email Addresses
• Credit Card Types
• Credit Card Numbers
• Expiration Dates
• Credit Card Verification Numbers (CVVs)

The Packers stated that payments made via gift cards, PayPal, Amazon Pay, or Pro Shop accounts were not impacted by the breach.

Impact and Customer Notifications

In total, 8,514 individuals were affected, with 16 residents of Maine among them. The Green Bay Packers sent written notifications to the affected customers on January 6, 2025, explaining the breach and offering guidance on steps to protect themselves.

Response and Mitigation

The Packers have taken several steps to contain the breach, including:

• Disabling Payment Functions: They immediately shut down the checkout process to limit further exposure.
• Security Overhaul: Working with external cybersecurity experts and the hosting vendor, they removed the malicious code from the site, refreshed passwords, and ensured all vulnerabilities were addressed.
• Ongoing Monitoring: The Packers continue to enhance their security protocols to prevent similar incidents from occurring in the future.

Support for Affected Customers

To assist the impacted individuals, the Green Bay Packers are offering free credit monitoring and identity theft protection for three years, provided by Experian. This service includes identity theft restoration services and will help mitigate the potential risks arising from the stolen personal data.

Customers are advised to remain vigilant, closely monitor their financial accounts, and report any suspicious activity to their financial institutions, banks, and the relevant authorities, including the Federal Trade Commission (FTC) and the state attorney general.

Regulatory Compliance

According to a breach notification filed with the Maine Attorney General, the Green Bay Packers have complied with all regulatory requirements. The breach was classified as an external system attack, and steps have been taken to notify affected individuals within the mandated timeframes. Additionally, the Packers are continuing their investigation to understand how the attackers gained access and improved their security measures.

Security Recommendations

In light of this breach, experts recommend that e-commerce sites, including sports franchises like the Green Bay Packers, implement strong third-party API validation processes and ensure ongoing security audits. As one cybersecurity expert mentioned, “It’s essential for eCommerce sites to ensure proper software supply chain hygiene, including engaging third-party vendors and continuously assessing their security posture.”