GameStop is currently looking into reports that hackers have gained access to customer credit card information and customer data from gamestop.com. The company has issued a statement on this investigation to KrebsOnSecurity.

The data is said to have been stolen during a period between September 2017 and early February 2017. The data that was stolen is said to include customer card numbers, expiration data, name, address, and the CVV2 security numbers on the backs of credit cards.

Typically, CVV2 numbers are not stored by any commerce website. However, if the site was injected with malicious code or malicious software, it is possible that the data was recorded prior to being encoded during payment.