GiftCardMall Has Confirmed They Suffered A Data Breach

1

A few weeks ago, reports emerged that credit cards used to make purchases from GiftCardMall were encountering fraudulent charges.

A week or two later, GiftCardMall was requiring that users reset their passwords when logging in. They’ve now sent out a letter to affected customers confirming that they suffered a data breach.

Data breach hacking fraudulent charges

Doctor of Credit has shared a copy of the letter that’s being sent out to potentially affected users. In it, GiftCardMall states that your information might have been compromised if you made purchases on their site between April 24, 2019 and May 21, 2019.

May 21 was the date that they apparently identified an unauthorized script in their website’s code which forwarded data to an external site. GiftCardMall has advised the following details might have been affected:

  • Name
  • Address
  • Payment card number
  • Card expiration date
  • Security code

This is where things get a little strange. Despite this information becoming compromised and there being numerous reports of subsequent fraudulent charges on affected cards, GiftCardMall claims that:

Our investigation of this incident revealed no evidence that your personal information was actually accessed by any unauthorized party.

I’m no expert, but if the information was being forwarded to an external site, how would GiftCardMall know if those responsible had actually accessed that information. Besides, the seemingly large number of customers with fraudulent charges suggests their “evidence” didn’t involve contacting potentially affected customers or doing a quick Google search for “GiftCardMall Fraud”. From the first page of results for that search term:

GiftCardMall Fraud Google Resutls

GiftCardMall is offering 24 months of MyIDCare credit monitoring and identity protection services for free. You can enroll by calling 1-800-397-9573 or signing up here.

If you made purchases between April 24 and May 21 but haven’t been affected so far, it’s still worth keeping an eye on your statements in case your card is used in the future.

Want to learn more about miles and points? Subscribe to email updates or check out our podcast on your favorite podcast platform.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

1 Comment
newest
oldest most voted
Inline Feedbacks
View all comments
TomJ

I used 3 different credit cards at GCM during the timeframe of the breach and had ALL 3 of them used fraudulently! For GCM to claim that my personal information wasn’t accessed by a 3rd party is a complete and total lie.