Recently, SCUF Gaming International, LLC (“SCUF Gaming”) announced a consumer data breach stemming from an incident in which a hacker may have accessed and obtained customers’ personal and financial information. On October 21, 2021, SCUF Gaming sent out more than 30,000 data breach notification letters to affected parties, informing them that their information may have been compromised. This particular breach is especially concerning, as the compromised information includes customers’ names, email addresses, billing addresses, credit card numbers, expiration dates, and CVV numbers. This information, if it ends up in the hands of a criminal, is certainly enough to commit identity theft.
If you are among those who received a data breach notification from SCUF Gaming, it is important that you take the letter seriously. Even if you do not notice any signs of unauthorized activity on your account, your information may be in the hands of someone who later intends to use it. While it is too early to tell if SCUF Gaming mishandled customers’ information, if so, affected parties may be able to pursue a data breach or consumer privacy claim against the company.
Can You Take Legal Action Against SCUF Gaming International, LLC.?
When you make a purchase through SCUF Gaming or any other online retailer, you trust your credit card information and other personal information are in good hands. And, most of the time, it is. However, occasionally, companies mishandle customers’ information. When this happens, a company may be liable through a data breach lawsuit. While it is too early to tell if SCUF Gaming took the precautions required under the law, our data breach lawyers are currently investigating whether there is a possible class action lawsuit against SCUF Gaming based on the recent data breach. If you have questions about your ability to bring a SCUF Gaming class action lawsuit, it is important you reach out to a data breach lawyer as soon as possible.
What to Do to Protect Yourself if You Received a Data Breach Notification Letter from SCUF Gaming
While receiving a letter does not mean that you will fall victim to identity theft, it is a distinct possibility. If you received a letter from SCUF Gaming International, LLC, indicating that your credit card information was compromised in the recent hacking event, it is important that you take the necessary steps to protect yourself from the very real threat of identity theft and unauthorized charges on your credit card. Consumer privacy and data breach lawyers who represent victims of identity theft in the wake of a data breach recommend you take the following steps:
- Carefully read the data breach notification letter to determine what information was accessed by an unauthorized party;
- Make a copy of the letter your records;
- Sign up for free credit monitoring service provided by SCUF Gaming;
- Change passwords to all online accounts;
- Consider closing affected credit cards;
- Check your bank account and credit card statements for any signs of unauthorized activity;
- Regularly monitor your credit report for any signs of fraud or identity theft;
- Contact one of the three credit bureaus to request they add a fraud alert to your account; and
- Notify your bank and credit card companies of the data breach.
About SCUF Gaming
SCUF Gaming is an electronics company that specializes in the development and manufacturing of custom video game controllers for consoles and personal computers. Founded in 2011, SCUF gaming is based out of Suwanee, Georgia and owns over 160 patents, including 105 of which have been granted and another 56 which are pending. The company’s controllers purportedly allow users to make better use of their hands while playing and provide additional features, such as hair triggers, trigger stops and paddles.
More Info About the SCUF Gaming Consumer Data Breach
According to the latest press release from SCUF Gaming, on February 18, 2021, the company was notified through a third-party payment processor that there was unusual credit card activity occurring through the company’s online store. SCUF Gaming looked into the situation and determined that their system was hacked. The hacker evidently placed a line of code in the company’s back-end system, which was capable of capturing customers’ credit card information. The period during which the unauthorized party potentially had access to customers’ credit card information was between February 3, 2021 and March 16, 2021.
After reviewing the information accessed by the unauthorized party, SCUF Gaming Inc. was unable to determine if the hacker successfully obtained any customers’ credit card information. As the company continued investigating the incident, it sent an email to affected customers explaining the situation, followed by a formal data breach notification letter.
Below is a copy of the data breach letter issued by SCUF Gaming (the actual notice sent to consumers can be found here):
As a follow-up to our email sent on May 4, 2021, SCUF Gaming International, LLC (“SCUF Gaming”) is contacting you again now that the investigation is complete to inform you of a security incident that may have compromised the payment card you used in March 2021 for a transaction or attempted transaction at www.scufgaming.com. This communication does not mean that fraud did or will occur on your payment card account. You should monitor your account and notify your card provider of any unusual or suspicious activity. As a precaution, you may wish to request a new payment card number from your provider.
On February 3, 2021, login credentials for a third-party vendor were used to insert an unauthorized script onto the backend system of SCUF Gaming’s webstore. The unauthorized script was detected on March 16, 2021 and removed immediately on that same day. We conducted a rigorous investigation in partnership with third-party forensic specialists to identify what the script could do and determined on April 21, 2021 that the script was capable of capturing credit card information.
We then worked to determine the window of time where credit card information could have potentially been exposed which concluded on July 21, 2021. The investigation confirmed there was a chance the unauthorized script present on our site may have exposed some of your personal information at point of sale. We are unable to confirm if any credit card transactions during this time period were affected.
What Information Was Involved?
Our investigation has determined that orders processed via PayPal were not compromised and that the incident was limited to payments or attempted payments via credit card between February 3rd and March 16th. The potentially exposed data was limited to cardholder name, email address, billing address, credit card number, expiration date, and CVV.
What We Are Doing.
As part of our security measures, we regularly screen activity on our website and continuously improve our security protocols. We will continue to enhance our security features to defend against security threats. In addition, we are also increasing the scrutiny of our third-party vendors and continuing to work with third party forensics experts to prevent future incidents.
What You Can Do.
We encourage you to remain vigilant against incidents of identity theft and fraud by reviewing your account statements and monitoring your free credit reports for suspicious activity and to detect errors over the next 12 to 24 months. You can find out more about how to protect against potential identity theft and fraud in the enclosed Steps You Can Take to Protect Personal Information.
For More Information.
We understand that you may have questions about this incident that are not addressed in this letter. If you have additional questions, please call our dedicated assistance line at 855-675-3097 between 9:00 a.m. and 9:00 p.m. Eastern Time, Monday through Friday, excluding U.S. holidays. You may also email SCUF Gaming at email@example.com.