US racing group Churchill Downs had to deal with a payments crisis shortly after its $885 million takeover of the Seattle-based social gaming firm Big Fish Gaming, it has transpired from a news article surfacing this week.
SC Magazine revealed in the piece that just a week after the acquisition was completed in mid-December last year the trouble started, although Big Fish players were notified only on February 11 that its billing and online payment systems were infected following a malware attack.
In a letter to affected players, Big Fish said it had discovered on January 12 that an unknown criminal had installed malware on the billing and payment section of the company’s website, and it appeared to have intercepted customer payment information.
The customers affected were apparently those who entered new payment details between December 24, 2014, and January 8, 2015.
The compromised information included names, addresses, payment card numbers, expiration dates, card verification codes and potentially other information.
The Big Fish communication advised that the company had taken “the necessary steps” to remove the malware and prevent it from being reinstalled.
“We have reported the incident to and are cooperating with law enforcement. We have also informed the credit reporting agencies and payment card networks about this incident so that they may take appropriate action regarding your card account,” the letter said.
Affected players have been offered a free year of credit monitoring from Experian, along with and relevant professional advice, along with contact numbers for the three major credit-reporting agencies.
In a separate statement to media, Big Fish claimed it was “…the victim of a criminal cybersecurity intrusion of our website” and revealed that it had hired a top data security forensics company to investigate the intrusion and improve security.
It is understood that only a small percentage of the player base was affected.