News Reporting

NIS America Stores Hit By Major Data Breach

Written By Samantha Ferreira

This isn’t snark, this isn’t a joke, this is a PSA. Change your passwords. Also, can we recommend a password manager like LastPass or 1Password? Awesome.

Yesterday, NIS America sent out a notice informing users that their online storefronts were compromised in a data breach. This includes the core NISA Online store, as well as the SNK Online Store.

According to NIS America, the breach exposed customer payment and address information for users who made purchases between January 23 and February 26, as well as February 28. NIS America sent initial notices to customers who made purchases in this date range first and foremost, before sending the general notice.

In the notice, NIS America explained that they became aware of a malicious process, which attached to the company’s checkout pages. The process, which was active as far back as January 23, was being used to skim personal information from customers. Though the process primarily targeted credit card users, buyers who used PayPal also saw values skimmed.

NIS America describes the process as:

After entering their billing, shipping, and payment information, the customer would be temporarily redirected to an offsite web page not owned or operated by NIS America, Inc. This malicious process would record the information provided by the customer during the checkout process, including credit card information, billing address, shipping address, and email address. Afterward, the malicious process would return the customer to the NIS America store page to complete their transaction.

Customers that may have had their information compromised between these dates were sent an email informing them dated February 28th, 2018. If you did not receive an email on this date, it is because our records did not show that you were impacted.

NIS America took their stores offline when they discovered the issue on February 26. After fixing the problem on their end, they returned to normal operations. NIS America noted that a new malicious process was discovered to be running on the afternoon of February 28. The new instance “was reintroduced by using an alternate method early in the morning of February 28th.”

In response to the two breaches, NIS America pledges that “We are continually monitoring our online stores at this time to ensure that no malicious changes are able to be made.”

What’s at Risk

NIS America explained that both PayPal and credit card users were potentially affected, with the following at risk for both:

  • Credit Card: Credit Card Details (Number, Expiration Date, CVV Code), Name, Address, Login Details, Email Address
  • PayPal: Billing Address, Shipping Address, Email Address

Source: NIS America (Email Communication)

Filed Under:

Tag(s): , ,

About the author

Samantha Ferreira

Samantha Ferreira is Anime Herald’s founder and editor-in-chief. A Rhode Island native, Samantha has been an anime fan since 1992, and an active member of the anime press since 2002, when she began working as a reviewer for Anime Dream. She launched Anime Herald in 2010, and continues to oversee its operations to this day. Outside of journalism, Samantha actively studies the history of the North American anime fandom and industry, with a particular focus on the 2000s anime boom and bust. She’s a huge fan of all things Sakura Wars, and maintains series fansite Combat Revue Review when she has free time available. When not in the Anime Herald Discord, Samantha can typically be found on Bluesky.

Anime Herald

Support Anime Herald

Anime Herald is brought to you through our Patrons and Ko-fi supporters. Consider backing us for as little as $1 a month to help us keep the site ad-free and pay a fair rate to our writers.

Patrons and backers can access several benefits, including Early Article Access, our members-only Discord, and the ability to suggest articles for our team to write on your behalf.

Become a Patron
Support us on Ko-Fi

Latest Posts

See all Articles