A few weeks ago, reports emerged that credit cards used to make purchases from GiftCardMall were encountering fraudulent charges.
A week or two later, GiftCardMall was requiring that users reset their passwords when logging in. They’ve now sent out a letter to affected customers confirming that they suffered a data breach.
Doctor of Credit has shared a copy of the letter that’s being sent out to potentially affected users. In it, GiftCardMall states that your information might have been compromised if you made purchases on their site between April 24, 2019 and May 21, 2019.
May 21 was the date that they apparently identified an unauthorized script in their website’s code which forwarded data to an external site. GiftCardMall has advised the following details might have been affected:
- Payment card number
- Card expiration date
- Security code
This is where things get a little strange. Despite this information becoming compromised and there being numerous reports of subsequent fraudulent charges on affected cards, GiftCardMall claims that:
Our investigation of this incident revealed no evidence that your personal information was actually accessed by any unauthorized party.
I’m no expert, but if the information was being forwarded to an external site, how would GiftCardMall know if those responsible had actually accessed that information. Besides, the seemingly large number of customers with fraudulent charges suggests their “evidence” didn’t involve contacting potentially affected customers or doing a quick Google search for “GiftCardMall Fraud”. From the first page of results for that search term:
GiftCardMall is offering 24 months of MyIDCare credit monitoring and identity protection services for free. You can enroll by calling 1-800-397-9573 or signing up here.
If you made purchases between April 24 and May 21 but haven’t been affected so far, it’s still worth keeping an eye on your statements in case your card is used in the future.