If you have purchased anything with NIS in the last month or so, you may want to take a look at your bank statements. NIS checkout sites were targeted by a malicious tracker that skimmed addresses, contact information and payment details.
A month of skimmed data
Customers of NIS America were unhappy to hear that their data had been compromised in a hack. Information has been skimmed from the US arm of Nippon Ichi Software for nearly one month, between January 23 and February 26th of this year. Credit card details and personal information was part of the leak; however, PayPal information was not compromised. As an apology gift, NIS America is offering codes for five-dollar discounts on the next purchase made through their service.
The security breach flew under the radar for so long because purchases were still completed without issue. The malicious site would collect consumer data and then return the purchaser back to legitimate purchasing portals for the Japanese merchant. While NIS does not store consumer credit card information, themselves, they want customers to know that data gathered in this way could be used fraudulently in the future. If you have made a purchase with them in the last month, it bears close scrutiny to your accounts.
NIS customer accounts are mainly used to accrue loyalty points, track order and review previous purchases. Address information is available here, but not payment information.
Accounts are safe again
In response to the breach, NIS sent out an email to customers notifying them of the situation. They also tweeted to followers that the email was indeed valid information, from NIS. They notified customers that they were working on resolving the problem. So far, only the US website has shown signs of compromise. The EU and other stores have been deemed safe.
As customers were notified, NIS administrators removed store pages from the internet in order to determine exact point of entry for the malware. They also are seeking a more exact time frame for when breaches were carried out. They report that they have identified the problem and removed it from their sites. They are currently seeking other action for improving security.
NIS has not clarified exactly how many customers were compromised and does not explain further specifics about the attackers’ methods. For now, customers are being told to update their passwords, be wary of suspicious emails, texts and phone calls, and to monitor their accounts like hawks.
NIS reiterated that customer security and satisfaction is a top priority for the company and realized the seriousness of the breach. They recognize that their $5.00 off coupons are small tokens of apology but see them as a first step in rebuilding consumer trust. NIS says that they are confident that their online stores are, once again, safe for use.