It appears that publisher NIS America has suffered a data breach, confirming today that their online store was hacked, leading to customer's credit card details and personal information being stolen. This was an issue that lasted from around January 23rd and was resolved on February 26th, for both store.nisamerica.com, and snkonlinestore.com as well. If any customer made a purchase during that timeframe, a redirect occured when checking out, allowing one's name, address, credit card number, expiration, CVV, and email to be given to an unknown hacker. Those who used PayPal to check out have been confirmed as unaffected. If you were affected, NIS America sent out an email to warn people who had their info stolen. You can see the full email below.

We are contacting you to notify you of a data breach which occurred between January 23rd, 2018 and February 26th, 2018 on online stores owned and operated by NIS America, Inc., including store.nisamerica.com and snkonlinestore.com. This data breach allowed an unauthorized party to access customer payment and address information for new credit card orders placed between these dates.

Our customers are our top priority, and it is our responsibility to provide a safe and secure environment for you to shop online with confidence. We would like to inform our customers of what happened as a result of this breach, the steps we have taken to resolve it, and what you can do to protect yourself.

Am I impacted by this?

Yes. Your personal information, including your payment information, may have been compromised. Personal information, including payment information, was taken directly from new orders placed using a credit card between January 23rd, 2018 and February 26th, 2018. Orders placed using PayPal during this time period did not have their payment information or PayPal login information skimmed by this process. Orders placed before this time period were not impacted. Based on our information, we have determined that your information may have been affected by this.

What happened?

On the morning of February 26th, we became aware of a malicious process that had attached itself to our checkout page. This process was being used as far back as January 23rd, 2018 to skim personal information provided by our customers during checkout after they placed an order at our store.

After entering their billing, shipping, and payment information, the customer would be temporarily redirected to an offsite web page not owned or operated by NIS America, Inc. This malicious process would record the information provided by the customer during the checkout process, including credit card information, billing address, shipping address, and email address. Afterward, the malicious process would return the customer to the NIS America store page to complete their transaction.

Transactions conducted in this manner were still successfully completed on the NIS America store pages. However, the payment information recorded by the malicious process could be used for fraudulent charges in the future. Fraudulent payments could be attempted at any storefront that accepts credit card payments, not just NIS America, Inc. store pages.

What information was involved?

The skimming process had access to all information provided by the customer during checkout, including their name, address, credit card number, expiration date and CVV security code, and email address.

We do not collect Social Security numbers, and there is no evidence that any payment or billing information provided prior to January 23rd, 2018 was compromised.

What actions were taken as a result of this issue?

Once we became aware of this issue, we immediately took our store pages offline to prevent any further breaches. After taking our store pages offline, we scanned all our processes to determine the exact point of entry, as well as determine when this change occurred on our online stores. We have taken steps to solve the issue that resulted in this breach, along with several other steps to improve our site’s security.

What you can do to protect yourself:

-Check your bank or credit card statement for suspicious activity, or charges that you do not recognize. If you see any fraudulent or suspicious charges, please contact your bank or credit card’s fraud department. It is possible for any information gathered by this malicious process to be saved and used at a later date, so regularly checking your statements for unusual activity is the best way to ensure your card is not being misused.

-Contact your bank or credit card company to cancel cards you feel may be impacted by this issue, and request a new card. If you request a new card, please remember to update any automatic payments that may attempt to draw from the old card. If replacing a card, you will need to update preorders for future products provided by NIS America, Inc.’s online stores. For secure payment, we can send invoices via email directly from PayPal, which can be paid with or without a PayPal account. PayPal information was not breached during this event.

-Check your credit report for any anomalies. The Federal Trade Commission recommends http://www.annualcreditreport.com/ . Additionally, you can place a free, 90-day fraud alert with one of the three major credit bureaus and/or place a credit freeze on your file to restrict access to your credit report by other parties. For more information, please visit https://www.identitytheft.gov/Steps

-If you have a user account on one of NIS America, Inc.’s online stores, please know that we do not store payment information within these accounts. User accounts are used primarily to track past orders and gain reward points. Data for past orders is stored securely, and will only show the last four digits of a credit card, and will not show the CVV security code or expiration date. It is still recommended to change the password of any accounts you have with a store operated by NIS America, Inc.

-If you encounter any warning messages from your web browser that you may be proceeding to an unsafe page on our site or any other site, stop what you are doing and contact the site’s operators.

-Keep an eye out for fraudulent emails, texts, phone calls, or fake websites trying to get your personal information. Never give out private or personal information, including financial details, unless you can verify the identity of the person or organization contacting you. Don’t respond to texts or emails coming from a contact you don't recognize, and don’t click on any links they provide. Instead, if you need to check your account, type the site address you want to visit into your browser and securely log into your account.

-NIS America will never ask you for your personal information, payment information, or password via email, unless contacted to do so by our customers via our customer support channels. Updated payment information is only collected through PayPal, using either an invoice or direct payment.

We know that this issue and the steps needed to resolve it can be frustrating. We share these feelings, and we pledge to do our best to get this issue resolved, and prevent it from happening again. At this time, we can say that we have identified the issue, removed it from our website, and taken steps to prevent this issue from recurring, as well as added new security to our online stores. We would not be reopening our online stores if we did not feel confident that they are a safe place to shop.

We are committed to earning back your trust and confidence, and we hope to have the opportunity to serve you again soon. We will be sending out codes for a $5.00 discount on your next purchase from our online store to those impacted by this issue within the next few days. We understand that this is a small token, but we hope it will show our commitment and appreciation of our customers as we begin to regain your trust.

If you have any questions or concerns, please feel free to contact us and we would be happy to assist you in any way that we can. We can be reached anytime at [email protected].

We are determined to provide you with a safe and secure shopping experience going forward. We hope to see you on our online stores again soon.

An exact number on how many were affected was not given, but the company will be giving out coupons for $5.00 off their next purchase from NIS America's store to apologize for the incident.

Source

 

[Xzi]

the company will be giving out coupons for $5.00 off their next purchase from NIS America's store to apologize for the incident.

Lol. "Your credit card and full identification data was stolen? Here's $5. You're welcome."

Thankfully I've never bought anything directly from these guys.

 

[Chary]

Lol. "Your credit card and full identification data was stolen? Here's $5. You're welcome."

Thankfully I've never bought anything directly from these guys.

What's really painful is that this happened within the timeframe of their yearly press conference. So there's a good chance more people than usual were making pre-orders and purchases. The $5.00 coupon is honestly worse than nothing. It comes off as awkward, utterly cheap, and laughable.

 

[the_randomizer]

I'm glad I never used this before.

 

[Taffy]

NIS, the company that brought us the incredibly glitchy Cave Story 3D.

get $5 off your purchase of Cave Story 3D, with added sequence breaking functionality!

 

[leon315]

Inside job? So people suspect same even on 911...

 

[GamerzHell9137]

And if you check the twitter down below

Huuuuuuu~, that sucks.

 

[Deleted-355425]

Always worth cancelling your bank cards now and again to stop this happening. Shitty situation.

 

[_v3]

- snip -

You just lost over a thousand dollars, here's 5, that'll get you back on track.

 

[DarthDub]

Yikes.

 

[blindseer]

Just personally got hit by 2.5 grand in fraud by this, thanks nisa, no more games from your storefront.

 

[sarkwalvein]

Just personally got hit by 2.5 grand in fraud by this, thanks nisa, no more games from your storefront.

Shit that's a lot, that sucks big time.

 

[blindseer]

Shit that's a lot, that sucks big time.

Thankfully citibank says I'm not liable but its gonna take weeks to sort this shit out, so yeah, any trust I had with NISA(not much before this) is now gone. If I ever had to purchase something from their storefront Id use a prepaid card now.

 

[Yepi69]

That must suck, if I already get pissed when some websites charge me twice by mistake let alone if people pay with credit cards, only to be maxed out minutes later after a data breach.
Is there a chance for you guys to get your money back?

 

[Viri]

Ugh, shit like this makes me wanna use Paypal more. I always get super nervous when giving out credit card info.

 

[TheWolfLord]

So, this is sort of ridiculous given NIS track record. Especially lately.

The emails mention the possibility of local data being stored and to clear cache.

Should people be worried about Non-Nis related activity during this time frame? Such as logging into another site like amazon or something? Could accounts or other information not related to this situation have been put at risk?

 

[mikey420]

And this is why i try to avoid paying for anything online unless i use paypal...