GameStop
Company Details
Linkedin ID:
gamestop
Website:
Employees number:
16,849
Number of followers:
146,370
NAICS:
43
Industry Type:
Homepage:
gamestop.com
IP Addresses:
0
Company ID:
GAM_1124017
Scan Status:
In-progress
GameStop Company CyberSecurity Posture
gamestop.com
GameStop offers games, entertainment products and technology through its e-commerce properties and stores.
GameStop A.I CyberSecurity Scoring
GameStop Risk Score (AI oriented)Between 750 and 799
GameStop
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
GameStop Global Score (TPRM)XXXX
GameStop
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
GameStop Company CyberSecurity News & History
Past Incidents
3
Attack Types
1
GameStop
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: GameStop.com website suffered from a data breach incident in February 2017. The compromised information includes customer card number, expiration date, name, address and card verification value (CVV2), usually a 3-digit security code printed on the backs of credit cards. They immediately reported the incident to the bank that issued the card because payment card network rules generally state that cardholders were not responsible for unauthorized charges.
GameStop, Inc.
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: The Washington State Office of the Attorney General reported a data breach involving GameStop, Inc. on June 5, 2017. The breach occurred due to unauthorized access to its computer network, potentially exposing the personal and financial information of 27,956 Washington residents between August 10, 2016, and February 9, 2017.
GameStop
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: A security breach has exposed the financial and personal data of Gamestop's online customers. Clients received postal letters from the corporation, which also stated that the credit card or bank card information of an unspecified number of online clients had been compromised. Hackers gained access to names, addresses, card numbers, expiration dates, and the three-digit card verification values (CVV2). The corporation claims that neither retail customers nor the PoS systems at the company stores were compromised by the security vulnerability."
GameStop Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for GameStop
Incidents vs Retail Industry Average (This Year)
No incidents recorded for GameStop in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for GameStop in 2025.
Incident Types GameStop vs Retail Industry Avg (This Year)
No incidents recorded for GameStop in 2025.
Incident History — GameStop (X = Date, Y = Severity)
GameStop cyber incidents detection timeline including parent company and subsidiaries
GameStop Company Subsidiaries
GameStop offers games, entertainment products and technology through its e-commerce properties and stores.
Loading...
GameStop Similar Companies
Food Lion
Food Lion, based in Salisbury, N.C., and its 82,000 associates have a longstanding history of serving its customers and communities through 10 Southeastern and Mid-Atlantic states. Since 1957, we have been connected to the towns and cities we serve by providing an easy shopping experience anchored b
Tupperware
Founded in 1946, Tupperware's signature container created the modern food storage category that revolutionized the way the world stores, serves and prepares food. Today, we continue to innovate for the benefit of people and our planet by designing innovative, functional and environmentally responsib
华润创业有限公司
Founded in 1992, China Resources Enterprise, Limited is the Hong Kong flagship subsidiary of China Resources (Holdings) Company Limited in the comprehensive consumer goods and retail services businesses. The Company focuses on three businesses: beer, food and beverage. For the beer division, Chin
Publix Super Markets
Founded in 1930, Publix Super Markets is the largest and fastest-growing employee-owned supermarket chain in the United States. Publix employs over 200,000 associates. We are privately-owned, hold no long-term debt, have avoided layoffs, and continue to grow year after year. Publix and our associate
Raia
Nossa página oficial no LinkedIn é https://bit.ly/2XT3eZl Fundada em 1905 na cidade de Araraquara, a Raia é uma das bandeiras da RD Saúde (Raia Drogasil S.A.) e possui mais de 1000 farmácias em todo o Brasil. A RD Saúde é um ecossistema de saúde integral, com 3 mil farmácias em todo o Brasil e neg
Azadea Group
AZADEA Group is a premier lifestyle retail company that owns and operates more than 40+ leading international franchise concepts across the Middle East and Africa. With over 13,500 employees, dedicated offices in every market it operates, and world-class infrastructure, the company oversees over 700
PT Lion Super Indo
Sejak tahun 1997, Super Indo telah bertumbuh dan berkembang di Indonesia melalui kemitraan bersama Ahold Delhaize yang berasal dari Belanda dan Salim Group dari Indonesia. Didukung lebih dari 10,000 karyawan* yang terlatih, Super Indo berhasil menyediakan berbagai macam barang kebutuhan sehari-hari
Barnes & Noble proudly serves America with approximately 600 bookstores across all fifty states, and are busy opening newly designed stores in communities nationwide. We are an innovator in publishing, retail, and digital media, including our award-winning NOOK® products and an expansive collectio
Shoppers Drug Mart
Built on a foundation of professional expertise and personal service, Shoppers Drug Mart has been meeting Canadians' health care needs for 50 years. What was once a small pharmacy in Toronto has grown into an organization of over 1,200 stores from coast to coast, becoming an indelible part of the l
.png)
GameStop CyberSecurity News
October 31, 2025 07:00 AM
Croc And Buck The GameStop Bunny Star In New ModRetro Chromatic Titles, Out Soon
Croc: 25th Anniversary Edition will launch in December, while Buck and the Cursed Cartridge is now available to order.
October 23, 2025 07:00 AM
GameStop surges amid bullish options flows
The stock's put/call ratio is poised for its second-lowest day of the year....
October 06, 2025 07:00 AM
GameStop Restocks Shiny Pokemon Codes As Fans Complain Of Scarcity And Scalping
The distribution event for Shiny Koraidon and Miraidon in Pokemon Scarlet and Violet has been a messy affair.
October 06, 2025 07:00 AM
GameStop blames Pokemon Company for botched Scarlet and Violet shiny giveaway: "Not our decision"
When you buy through links on our articles, Future and its syndication partners may earn a commission. Koraidon in Pokémon Scarlet.
October 04, 2025 07:00 AM
'Xbox Game Pass Ultimate is still $19.99 with us': GameStop somehow openly brushes off Game Pass price hike
Irked by the Game Pass price increase? GameStop vows to keep selling subscriptions at the old price.
October 03, 2025 07:00 AM
GameStop promises to keep selling Game Pass Ultimate for $19.99 — company defies Microsoft's 50% price increase
GameStop says it will continue to offer Xbox Game Pass Ultimate at its old price of $19.99 after Microsoft raised the price by 50%.
September 15, 2025 07:00 AM
Should You Buy the Dip in This Cybersecurity Stock in September 2025?
After its high-profile IPO and a post-earnings dip, SailPoint still boasts robust 33% revenue growth, expanding strategic partnerships,...
June 13, 2025 07:00 AM
White & Case advises GameStop Corp. on upsized US$2.25 billion notes offering
Global law firm White & Case LLP has advised GameStop Corp. (NYSE: GME) on its upsized issuance of US$2.25 billion aggregate principal...
April 05, 2025 07:00 AM
Cybercrime Diary, Vol. 2, No. 2: Who’s Hacked? Latest Data Breaches And Cyberattacks
Global ransomware damage costs are predicted to exceed $5 billion in 2017, up from $325 million in 2015. That's a staggering 15X increase in...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
GameStop CyberSecurity History Information
Official Website of GameStop
The official website of GameStop is https://www.gamestop.com.
GameStop’s AI-Generated Cybersecurity Score
According to Rankiteo, GameStop’s AI-generated cybersecurity score is 764, reflecting their Fair security posture.
How many security badges does GameStop’ have ?
According to Rankiteo, GameStop currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does GameStop have SOC 2 Type 1 certification ?
According to Rankiteo, GameStop is not certified under SOC 2 Type 1.
Does GameStop have SOC 2 Type 2 certification ?
According to Rankiteo, GameStop does not hold a SOC 2 Type 2 certification.
Does GameStop comply with GDPR ?
According to Rankiteo, GameStop is not listed as GDPR compliant.
Does GameStop have PCI DSS certification ?
According to Rankiteo, GameStop does not currently maintain PCI DSS compliance.
Does GameStop comply with HIPAA ?
According to Rankiteo, GameStop is not compliant with HIPAA regulations.
Does GameStop have ISO 27001 certification ?
According to Rankiteo,GameStop is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of GameStop
GameStop operates primarily in the Retail industry.
Number of Employees at GameStop
GameStop employs approximately 16,849 people worldwide.
Subsidiaries Owned by GameStop
GameStop presently has no subsidiaries across any sectors.
GameStop’s LinkedIn Followers
GameStop’s official LinkedIn profile has approximately 146,370 followers.
NAICS Classification of GameStop
GameStop is classified under the NAICS code 43, which corresponds to Retail Trade.
GameStop’s Presence on Crunchbase
Yes, GameStop has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/gamestop.
GameStop’s Presence on LinkedIn
Yes, GameStop maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/gamestop.
Cybersecurity Incidents Involving GameStop
As of December 11, 2025, Rankiteo reports that GameStop has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
GameStop has an estimated 15,469 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at GameStop ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does GameStop detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with they immediately reported the incident to the bank that issued the card because payment card network rules generally state that cardholders were not responsible for unauthorized charges., and communication strategy with postal letters to clients..
Incident Details
Can you provide details on each incident ?
Title: GameStop.com Data Breach
Description: GameStop.com website suffered from a data breach incident in February 2017. The compromised information includes customer card number, expiration date, name, address and card verification value (CVV2), usually a 3-digit security code printed on the backs of credit cards.
Date Detected: February 2017
Type: Data Breach
Title: Gamestop Data Breach
Description: A security breach has exposed the financial and personal data of Gamestop's online customers.
Type: Data Breach
Threat Actor: Hackers
Motivation: Data Theft
Title: GameStop Data Breach
Description: The Washington State Office of the Attorney General reported a data breach involving GameStop, Inc. on June 5, 2017. The breach occurred due to unauthorized access to its computer network, potentially exposing the personal and financial information of 27,956 Washington residents between August 10, 2016, and February 9, 2017.
Date Detected: 2017-06-05
Date Publicly Disclosed: 2017-06-05
Type: Data Breach
Attack Vector: Unauthorized Access
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach GAM11312922
Data Compromised: Customer card number, Expiration date, Name, Address, Card verification value (cvv2)
Payment Information Risk: High
Incident : Data Breach GAM959261123
Data Compromised: Names, Addresses, Card numbers, Expiration dates, Three-digit card verification values (cvv2)
Incident : Data Breach GAM428072725
Data Compromised: Personal information, Financial information
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Customer Card Number, Expiration Date, Name, Address, Card Verification Value (Cvv2), , Financial Data, Personal Data, , Personal Information, Financial Information and .
Which entities were affected by each incident ?
Incident : Data Breach GAM428072725
Entity Name: GameStop, Inc.
Entity Type: Retail
Industry: Gaming
Location: Washington
Customers Affected: 27956
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach GAM11312922
Communication Strategy: They immediately reported the incident to the bank that issued the card because payment card network rules generally state that cardholders were not responsible for unauthorized charges.
Incident : Data Breach GAM959261123
Communication Strategy: Postal letters to clients
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach GAM11312922
Type of Data Compromised: Customer card number, Expiration date, Name, Address, Card verification value (cvv2)
Sensitivity of Data: High
Incident : Data Breach GAM959261123
Type of Data Compromised: Financial data, Personal data
Sensitivity of Data: High
Personally Identifiable Information: NamesAddressesCard NumbersExpiration DatesThree-digit Card Verification Values (CVV2)
Incident : Data Breach GAM428072725
Type of Data Compromised: Personal information, Financial information
Number of Records Exposed: 27956
References
Where can I find more information about each incident ?
Incident : Data Breach GAM428072725
Source: Washington State Office of the Attorney General
Date Accessed: 2017-06-05
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Washington State Office of the Attorney GeneralDate Accessed: 2017-06-05.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through They immediately reported the incident to the bank that issued the card because payment card network rules generally state that cardholders were not responsible for unauthorized charges. and Postal letters to clients.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach GAM959261123
Customer Advisories: Postal letters to clients
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Postal letters to clients.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Hackers.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on February 2017.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2017-06-05.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Customer card number, Expiration date, Name, Address, Card verification value (CVV2), , Names, Addresses, Card Numbers, Expiration Dates, Three-digit Card Verification Values (CVV2), , Personal Information, Financial Information and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Three-digit Card Verification Values (CVV2), Financial Information, Customer card number, Addresses, Name, Card Numbers, Names, Expiration Dates, Address, Card verification value (CVV2), Personal Information and Expiration date.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 335.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Washington State Office of the Attorney General.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Postal letters to clients.
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=gamestop' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
