Cyber Incident Victim: Nippon Ichi Software America

The NIS America data breach occurred between January 23 and February 26, 2018, affecting the company's online stores at store.nisamerica.com and snkonlinestore.com. Attackers implanted a malicious process on the checkout page that intercepted customers' payment card details and address information during transactions. This skimming operation captured data from new orders placed with credit cards but did not compromise transactions processed through PayPal. The breach remained undetected until February 26, when NIS America security personnel identified the malicious script, which had been operational for over a month. The compromised data included full payment card information and shipping addresses entered during the checkout process for orders placed within the attack window.

NIS America notified affected customers via email shortly before March 1, 2018, confirming the breach timeline and scope. The company emphasized that its user account system did not store complete payment card details—only the last four digits of credit cards—and excluded CVV codes or expiration dates. As remediation, NIS America advised customers to change account passwords, monitor financial statements for fraudulent activity, and remain vigilant against phishing attempts. The company offered $5 discount codes for future purchases as compensation and reopened its stores after implementing undisclosed security improvements. No evidence suggested historical order data was compromised, as the attack exclusively targeted new transactions during the specified period. NIS America acknowledged the breach's impact on customer trust and stated its commitment to enhancing security measures to prevent recurrence.