BSN Sports, LLC suffered a data breach where the security of its eCommerce website checkout pages was compromised between April 24, 2019, and January 5, 2021. The incident exposed sensitive payment card information, including account numbers, expiration dates, verification numbers (CVV/CVC), and associated personal details of an undisclosed number of customers. The breach was reported by the California Office of the Attorney General on February 26, 2021, highlighting a prolonged vulnerability that allowed unauthorized access to financial data during online transactions. While the exact number of affected individuals remains undisclosed, the exposure of full payment card details poses significant risks of fraud, identity theft, and financial losses for customers. The breach underscores failures in securing critical payment processing systems, potentially eroding trust in the company’s ability to protect customer data during transactions.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-538406
TPRM report: https://www.rankiteo.com/company/bsn-sports
"id": "bsn031091825",
"linkid": "bsn-sports",
"type": "Breach",
"date": "4/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Undisclosed number of '
'individuals',
'industry': 'Sports Equipment & Apparel (eCommerce)',
'location': 'United States (California)',
'name': 'BSN Sports, LLC',
'type': 'Private Company'}],
'data_breach': {'data_exfiltration': 'Yes (payment card and personal '
'information)',
'number_of_records_exposed': 'Undisclosed',
'personally_identifiable_information': 'Yes (associated with '
'payment cards)',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['payment card data',
'personal information']},
'date_publicly_disclosed': '2021-02-26',
'description': 'The California Office of the Attorney General reported that '
'BSN Sports, LLC experienced a data breach involving the '
'compromised security of checkout pages on its eCommerce '
'websites. The breach affected payment card data from '
'approximately April 24, 2019, to January 5, 2021, exposing '
'payment card account numbers, expiration dates, verification '
'numbers, and associated personal information.',
'impact': {'data_compromised': ['payment card account numbers',
'expiration dates',
'verification numbers',
'associated personal information'],
'identity_theft_risk': 'High (payment card and personal '
'information exposed)',
'payment_information_risk': 'High (payment card data compromised)',
'systems_affected': ['checkout pages on eCommerce websites']},
'references': [{'date_accessed': '2021-02-26',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential violation of '
'California Consumer '
'Privacy Act (CCPA)',
'Payment Card Industry '
'Data Security Standard '
'(PCI DSS)'],
'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'title': 'BSN Sports Data Breach (2019–2021)',
'type': 'Data Breach'}