Green Bay Packers' online store hacked to steal credit cards

The Green Bay Packers’ official Pro Shop website was compromised by a card‑skimming script active between September 23–24 and October 3–23, 2024; the injected JavaScript harvested checkout fields (names, addresses, emails, credit card numbers, expiration dates, CVVs) and exfiltrated them to js-stats.com. Sansec’s analysis found the campaign abused a JSONP callback and YouTube oEmbed to bypass the site’s Content Security Policy. The team disabled payments, removed the malicious code, engaged outside forensics, and is offering three years of credit monitoring to affected customers.