Popular wrestling t-shirt site Pro Wrestling Tees has disclosed a data breach incident that has resulted in the compromise of the financial details of tens of thousands of its customers.
Pro Wrestling Tees is a website allowing professional wrestlers to set up their own mini-stores to sell merchandise like shirts, posters, action figures, and more to their fans.
The platform also organizes regular meet-ups for fans to meet their favorite athletes, making the site is very popular among the various wrestling communities worldwide.
In a data breach notification sent to affected individuals on December 15, 2021, Pro Wrestling Tees was informed by law enforcement on November 01, 2021, that a small portion of its customers’ credit card numbers had been compromised.
The entity informed the Office of the Maine Attorney General about the incident on December 22, 2021, saying the incident affected 31,000 customers.
“We immediately conducted an extensive investigation of our system and concluded that a malware virus was the source of breach,” reads the Pro Wrestling Tees data breach notification.
“Working with a sophisticated forensic vendor, we have removed the malware virus from our system. We did not find any evidence that any current individual personal information was compromised.”
The credit cards were stolen due to a malware infection that stole full names and credit card numbers along with the matching CVV codes.
While it is not clear how the cards were stolen, it was likely caused by their site being hacked and a malicious skimmer script added to steal credit cards during checkout.
Skimmers are small snippets of code that hide on website elements and run only when a visitor is on the checkout page to steal the details entered on the order form.
In the meantime, affected individuals are advised to take up the offering of one-year of identity theft protection and credit monitoring services through IDX.
Unfortunately, some users on Reddit claim to have lost thousands of USD due to their credit cards being stolen, while others say their bank intervened and flagged fraudulent transactions.
This means that the details are already being exploited in the cyber-criminal underground, so utmost vigilance to all Pro Wrestling Tees customers is advised.
We have reached out to Pro Wrestling Tees to learn more about the type and scope of the incident, and we will update this post as soon as we know more.