The Green Bay Packers is notifying fans of a breach against its online store, which may have impacted the personal and/or financial data of customers. Compromised information may include: 

• Names 
• Addresses (billing and shipping) 
• Email addresses 
• Credit card type, number, verification code and expiration date

Steve Povolny, Senior Director of Security Research at Exabeam, comments, “As a long-time Packer fan growing up in Wisconsin, this definitely caught my eye. While script injection and card skimming are age-old techniques for data theft, the original point of entry remains unknown. Whether a server-side vulnerability such as XSS (Cross-site scripting), social engineering such as phishing, or a configuration issue on login/authentication, it is important to remember that both the original points of entry and all follow-up vectors must be monitored and tracked. Even if an attacker manages to get in, so long their actions afterward can be profiled or detected, ultimate harm can be avoided or at least alerted earlier. Regardless, I’m calling a penalty on this play, ‘unnecessary hacking.’ At least they didn’t get our cheese curds.”