“[They] may have gained access to names, addresses, email addresses, phone numbers, credit or debit card numbers, card expiration dates and card verification numbers for customers [who made purchases] between approximately 30 July 2016 and 12 October 2016”, it added.
“The really unforgivable aspect here is the loss of credit card details,” said cyber-security expert Prof Alan Woodward from Surrey University.”If this was an external attack, these details just should not be accessible or readable. An obvious question is, ‘was the customers financial data encrypted?’ If not that should attract some heavy attention from the appropriate regulators.”
Topps declined to say how many people were affected or why the payment card numbers were at risk. It is yet to clarify details of the hack.