Cyber Incident Victim: Game Mania
Date:
Jan 2022
Location:
Belgium
Summary
Game Mania experienced a cybersecurity incident involving unauthorized access to its webstore systems, compromising customer data. The breach exposed personal information including names, email addresses, phone numbers, and encrypted payment card details. While full financial data wasn't directly accessed, the incident created risks of phishing attempts and potential misuse of personal identifiers. The retailer promptly initiated forensic investigations and notified affected customers, advising vigilance against suspicious communications. Security measures were enhanced following the breach to prevent future intrusions, with authorities and data protection regulators informed in accordance with legal obligations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In early January 2022, GM Webstore BVBA, operating as Game Mania, a Belgian video game and entertainment retailer, publicly disclosed a cybersecurity incident involving unauthorized access to its customer database. The breach occurred when attackers compromised the company's webstore systems, potentially exposing personal information of online customers. Affected data included customer names, email addresses, physical addresses, telephone numbers, and encrypted password information. Game Mania initiated an immediate investigation upon detecting the intrusion and engaged external cybersecurity experts to assess the breach scope. The company confirmed the attackers accessed systems containing customer information stored for online orders and account registrations. While financial data and payment card information were reportedly not compromised due to separate storage systems, the exposed personal details created significant privacy risks for affected individuals. The incident impacted customers who had created accounts or made purchases through Game Mania's online platforms prior to the breach detection.
Game Mania notified the Belgian Data Protection Authority (APD/GBA) within the mandatory 72-hour window required under GDPR regulations. The company emailed affected customers directly, advising them to change their account passwords and remain vigilant for potential phishing attempts using the stolen data. As a precautionary measure, Game Mania reset all customer account passwords and implemented enhanced security monitoring across its digital infrastructure. The retailer maintained transparent communication through its official website, publishing detailed FAQs about the breach while cautioning customers about fraudulent communications exploiting the incident. Forensic investigators worked to determine the exact intrusion timeline and method while the company reviewed its security protocols. Ongoing cooperation with data protection authorities continued as Game Mania strengthened system protections to prevent similar future incidents.