According to reports, NIS America's online store might have suffered a data breach that compromised customers' personal information, including payment information.
An email from the NIS America Online Store team was shared today on ResetEra under the subject line "Notice of Data Breach." The email states that the breach occurred between January 23, 2018 and February 26, 2018 and affected online stores owned and operated by NIS America. This includes both store.nisamerica.com and snkonlinestore.com.
Furthermore, NIS America says that the personal information taken includes payment information "taken directly from new orders placed using a credit card," but notes that information tied to PayPal purchases was not taken. Information related to orders made before the aforementioned dates was not taken either, suggesting that purchases made outside of the dates listed above are potentially unaffected. It is still recommended that you change your online password if you have an account tied to NIS America.
NISA Online detailed the attack in its full email, writing to affected customers:
"On the morning of February 26th, we became aware of a malicious process that had attached itself to our checkout page. This process was being used as far back as January 23rd, 2018 to skim personal information provided by our customers during checkout after they placed an order at our store."
"After entering their billing, shipping, and payment information, the customer would be temporarily redirected to an offsite web page not owned or operated by NIS America, Inc. This malicious process would record the information provided by the customer during the checkout process, including credit card information, billing address, shipping address, and email address. Afterward, the malicious process would return the customer to the NIS America store page to complete their transaction."
"Transactions conducted in this manner were still successfully completed on the NIS America store pages. However, the payment information recorded by the malicious process could be used for fraudulent charges in the future. Fraudulent payments could be attempted at any storefront that accepts credit card payments, not just NIS America, Inc. store pages."
NIS America says that it has taken the online store offline to scan for the exact point of entry. The company is working to solve the issue and improve site security, and recommends that users check their bank and credit card statements for suspicious activity.
NIS America is also hoping to earn back customer trust and will send customers codes for a $5 discount on their next purchase, though depending on the severity of the damage, the discount vouchers might not be enough. We have reached out to NISA for further comment.
NIS America has confirmed the legitimacy of the emails via Twitter.
"Hello everyone, you may have received an email regarding a data breach of the NISA Online Store. This is a valid and legitimate email. Please stand by as we work on resolving the issue. Thank you for your patience and understanding!" — NIS America, Inc. (@NISAmerica), March 1, 2018