The Topps Company

The Topps Company, also known simply as Topps, is a sports collectible and trading card enterprise. Headquartered in the United States of America, the firm focuses on the design, production, and distribution of trading cards and related memorabilia. Its product lines encompass major sports leagues, entertainment franchises, and hobbyist collections. The company serves collectors and fans across domestic and international markets through retail channels and online platforms. While specific figures on revenue or workforce are not disclosed in the available sources, its brand is recognized within the collectibles industry. Topps has historically positioned itself as a longstanding participant in the trading card sector, leveraging licensing agreements with sports organizations and media properties. This background establishes the context for its digital commerce operations, which later became points of vulnerability.

In October 2016, Topps disclosed unauthorized system access that persisted for several months before being addressed. The intrusion potentially exposed customer names, addresses, email addresses, phone numbers, and payment card details including numbers, expiration dates, and security verification codes. In response, the company offered affected individuals complimentary identity theft protection services. A security researcher had previously reported vulnerabilities in the firm’s mobile applications, which were initially remedied but later followed by another exposed database that received no response. Cybersecurity commentators criticized the storage of unencrypted financial data as a serious lapse, noting possible regulatory repercussions. Nearly two years later, in November 2018, Topps experienced a MageCart attack wherein malicious script was injected into the website’s checkout process. The script captured personal and payment information from customers completing purchases during the affected period, though transactions processed via PayPal remained unaffected. Upon discovering the unauthorized access, Topps removed the malicious code after upgrading its site software. Exposed data potentially included names, addresses, email addresses, phone numbers, and payment card information with expiration dates and security codes. These incidents underscore the challenges faced by the company in securing its e‑commerce environments despite its core focus on physical collectibles.