GameStop
Company Details
Linkedin ID:
gamestop
Website:
Employees number:
16,849
Number of followers:
146,370
NAICS:
43
Industry Type:
Homepage:
gamestop.com
IP Addresses:
0
Company ID:
GAM_1124017
Scan Status:
In-progress
GameStop Company CyberSecurity Posture
gamestop.com
GameStop offers games, entertainment products and technology through its e-commerce properties and stores.
GameStop A.I CyberSecurity Scoring
GameStop Risk Score (AI oriented)Between 750 and 799
GameStop
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
GameStop Global Score (TPRM)XXXX
GameStop
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
GameStop Company CyberSecurity News & History
Past Incidents
3
Attack Types
1
GameStop
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: GameStop.com website suffered from a data breach incident in February 2017. The compromised information includes customer card number, expiration date, name, address and card verification value (CVV2), usually a 3-digit security code printed on the backs of credit cards. They immediately reported the incident to the bank that issued the card because payment card network rules generally state that cardholders were not responsible for unauthorized charges.
GameStop, Inc.
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: The Washington State Office of the Attorney General reported a data breach involving GameStop, Inc. on June 5, 2017. The breach occurred due to unauthorized access to its computer network, potentially exposing the personal and financial information of 27,956 Washington residents between August 10, 2016, and February 9, 2017.
GameStop
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: A security breach has exposed the financial and personal data of Gamestop's online customers. Clients received postal letters from the corporation, which also stated that the credit card or bank card information of an unspecified number of online clients had been compromised. Hackers gained access to names, addresses, card numbers, expiration dates, and the three-digit card verification values (CVV2). The corporation claims that neither retail customers nor the PoS systems at the company stores were compromised by the security vulnerability."
GameStop Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for GameStop
Incidents vs Retail Industry Average (This Year)
No incidents recorded for GameStop in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for GameStop in 2025.
Incident Types GameStop vs Retail Industry Avg (This Year)
No incidents recorded for GameStop in 2025.
Incident History — GameStop (X = Date, Y = Severity)
GameStop cyber incidents detection timeline including parent company and subsidiaries
GameStop Company Subsidiaries
GameStop offers games, entertainment products and technology through its e-commerce properties and stores.
Loading...
GameStop Similar Companies
Our Purpose – Live Life Well Loblaw Companies Limited is Canada’s food and pharmacy leader, the nation’s largest retailer, and the majority unit holder of Choice Properties Real Estate Investment Trust. Loblaw – and its portfolio of grocery, health and beauty, financial services and apparel busines
BİM Birleşik Mağazalar A.Ş
Türkiye’de perakende sektörünün lideri olan BİM Birleşik Mağazalar A.Ş., temel gıda ve tüketim malzemelerinin uygun fiyat ve yüksek kaliteyle tüketiciye ulaştırılması hedefiyle faaliyetlerine 1995 yılında 21 mağazayla başlamıştır. Yüksek indirim (hard-discount) modelinin Türkiye’deki ilk temsilcisi
Abercrombie & Fitch Co.
Abercrombie & Fitch Co. (NYSE: ANF) is a global, digitally led omnichannel specialty retailer of apparel and accessories catering to kids through millennials with assortments curated for their specific lifestyle needs. The company operates a family of brands, including Abercrombie brands and Holli
Skechers is a Fortune 500® company — a growth-oriented brand that designs, develops, and markets a diverse product portfolio of lifestyle and performance footwear, apparel and accessories for men, women and children around the globe. Skechers is focused on designing products that deliver style, com
Albert Heijn
Bij Albert Heijn geloven we dat eten en drinken een essentiële rol speelt bij de grote uitdagingen in de maatschappij. Het levert een belangrijke bijdrage aan een gezonde levensstijl, het verbindt mensen en draagt bij aan een beter klimaat en daarmee een duurzame samenleving. Onze missie is dan ook:
Lidl in Germany
Anpacker. Durchstarter. Möglichmacher. Alle reden vom Kundenfokus, Customer first, dem Kunden als König. Wir finden, das ist zu kurz gedacht und würden es so formulieren: Der Mensch ist Dreh- und Angelpunkt unseres Erfolgs. Dazu gehört neben einer Kunden- auch die Mitarbeiterfokussierung. Und genau
At Kroger, we believe no matter who you are or how you like to shop, everyone deserves affordable, easy-to-enjoy, fresh food. This idea is embodied in our simple tagline—Fresh for Everyone™. Kroger ranks as one of the world’s largest retailers. We are nearly half a million associates across 2,800
Tractor Supply Company
For more than 85 years, Tractor Supply has been passionate about serving the needs of recreational farmers, ranchers, homeowners, gardeners, pet enthusiasts and all those who enjoy living Life Out Here. Tractor Supply is the largest rural lifestyle retailer in the U.S., ranking 296 on the Fortune 50
Titan Company Limited
Titan Company Ltd is the organization that brought about a paradigm shift in the Indian watch market when it introduced its futuristic quartz technology, complemented by international styling. With India's two most recognized and loved brands Titan and Tanishq to its credit, Titan Company Ltd is the
.png)
GameStop CyberSecurity News
October 31, 2025 07:00 AM
Croc And Buck The GameStop Bunny Star In New ModRetro Chromatic Titles, Out Soon
Croc: 25th Anniversary Edition will launch in December, while Buck and the Cursed Cartridge is now available to order.
October 23, 2025 07:00 AM
GameStop surges amid bullish options flows
The stock's put/call ratio is poised for its second-lowest day of the year....
October 06, 2025 07:00 AM
GameStop Restocks Shiny Pokemon Codes As Fans Complain Of Scarcity And Scalping
The distribution event for Shiny Koraidon and Miraidon in Pokemon Scarlet and Violet has been a messy affair.
October 06, 2025 07:00 AM
GameStop blames Pokemon Company for botched Scarlet and Violet shiny giveaway: "Not our decision"
When you buy through links on our articles, Future and its syndication partners may earn a commission. Koraidon in Pokémon Scarlet.
October 04, 2025 07:00 AM
'Xbox Game Pass Ultimate is still $19.99 with us': GameStop somehow openly brushes off Game Pass price hike
Irked by the Game Pass price increase? GameStop vows to keep selling subscriptions at the old price.
October 03, 2025 07:00 AM
GameStop promises to keep selling Game Pass Ultimate for $19.99 — company defies Microsoft's 50% price increase
GameStop says it will continue to offer Xbox Game Pass Ultimate at its old price of $19.99 after Microsoft raised the price by 50%.
September 15, 2025 07:00 AM
Should You Buy the Dip in This Cybersecurity Stock in September 2025?
After its high-profile IPO and a post-earnings dip, SailPoint still boasts robust 33% revenue growth, expanding strategic partnerships,...
June 13, 2025 07:00 AM
White & Case advises GameStop Corp. on upsized US$2.25 billion notes offering
Global law firm White & Case LLP has advised GameStop Corp. (NYSE: GME) on its upsized issuance of US$2.25 billion aggregate principal...
April 05, 2025 07:00 AM
Cybercrime Diary, Vol. 2, No. 2: Who’s Hacked? Latest Data Breaches And Cyberattacks
Global ransomware damage costs are predicted to exceed $5 billion in 2017, up from $325 million in 2015. That's a staggering 15X increase in...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
GameStop CyberSecurity History Information
Official Website of GameStop
The official website of GameStop is https://www.gamestop.com.
GameStop’s AI-Generated Cybersecurity Score
According to Rankiteo, GameStop’s AI-generated cybersecurity score is 762, reflecting their Fair security posture.
How many security badges does GameStop’ have ?
According to Rankiteo, GameStop currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does GameStop have SOC 2 Type 1 certification ?
According to Rankiteo, GameStop is not certified under SOC 2 Type 1.
Does GameStop have SOC 2 Type 2 certification ?
According to Rankiteo, GameStop does not hold a SOC 2 Type 2 certification.
Does GameStop comply with GDPR ?
According to Rankiteo, GameStop is not listed as GDPR compliant.
Does GameStop have PCI DSS certification ?
According to Rankiteo, GameStop does not currently maintain PCI DSS compliance.
Does GameStop comply with HIPAA ?
According to Rankiteo, GameStop is not compliant with HIPAA regulations.
Does GameStop have ISO 27001 certification ?
According to Rankiteo,GameStop is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of GameStop
GameStop operates primarily in the Retail industry.
Number of Employees at GameStop
GameStop employs approximately 16,849 people worldwide.
Subsidiaries Owned by GameStop
GameStop presently has no subsidiaries across any sectors.
GameStop’s LinkedIn Followers
GameStop’s official LinkedIn profile has approximately 146,370 followers.
NAICS Classification of GameStop
GameStop is classified under the NAICS code 43, which corresponds to Retail Trade.
GameStop’s Presence on Crunchbase
Yes, GameStop has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/gamestop.
GameStop’s Presence on LinkedIn
Yes, GameStop maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/gamestop.
Cybersecurity Incidents Involving GameStop
As of November 27, 2025, Rankiteo reports that GameStop has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
GameStop has an estimated 15,241 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at GameStop ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does GameStop detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with they immediately reported the incident to the bank that issued the card because payment card network rules generally state that cardholders were not responsible for unauthorized charges., and communication strategy with postal letters to clients..
Incident Details
Can you provide details on each incident ?
Title: GameStop.com Data Breach
Description: GameStop.com website suffered from a data breach incident in February 2017. The compromised information includes customer card number, expiration date, name, address and card verification value (CVV2), usually a 3-digit security code printed on the backs of credit cards.
Date Detected: February 2017
Type: Data Breach
Title: Gamestop Data Breach
Description: A security breach has exposed the financial and personal data of Gamestop's online customers.
Type: Data Breach
Threat Actor: Hackers
Motivation: Data Theft
Title: GameStop Data Breach
Description: The Washington State Office of the Attorney General reported a data breach involving GameStop, Inc. on June 5, 2017. The breach occurred due to unauthorized access to its computer network, potentially exposing the personal and financial information of 27,956 Washington residents between August 10, 2016, and February 9, 2017.
Date Detected: 2017-06-05
Date Publicly Disclosed: 2017-06-05
Type: Data Breach
Attack Vector: Unauthorized Access
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach GAM11312922
Data Compromised: Customer card number, Expiration date, Name, Address, Card verification value (cvv2)
Payment Information Risk: High
Incident : Data Breach GAM959261123
Data Compromised: Names, Addresses, Card numbers, Expiration dates, Three-digit card verification values (cvv2)
Incident : Data Breach GAM428072725
Data Compromised: Personal information, Financial information
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Customer Card Number, Expiration Date, Name, Address, Card Verification Value (Cvv2), , Financial Data, Personal Data, , Personal Information, Financial Information and .
Which entities were affected by each incident ?
Incident : Data Breach GAM428072725
Entity Name: GameStop, Inc.
Entity Type: Retail
Industry: Gaming
Location: Washington
Customers Affected: 27956
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach GAM11312922
Communication Strategy: They immediately reported the incident to the bank that issued the card because payment card network rules generally state that cardholders were not responsible for unauthorized charges.
Incident : Data Breach GAM959261123
Communication Strategy: Postal letters to clients
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach GAM11312922
Type of Data Compromised: Customer card number, Expiration date, Name, Address, Card verification value (cvv2)
Sensitivity of Data: High
Incident : Data Breach GAM959261123
Type of Data Compromised: Financial data, Personal data
Sensitivity of Data: High
Personally Identifiable Information: NamesAddressesCard NumbersExpiration DatesThree-digit Card Verification Values (CVV2)
Incident : Data Breach GAM428072725
Type of Data Compromised: Personal information, Financial information
Number of Records Exposed: 27956
References
Where can I find more information about each incident ?
Incident : Data Breach GAM428072725
Source: Washington State Office of the Attorney General
Date Accessed: 2017-06-05
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Washington State Office of the Attorney GeneralDate Accessed: 2017-06-05.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through They immediately reported the incident to the bank that issued the card because payment card network rules generally state that cardholders were not responsible for unauthorized charges. and Postal letters to clients.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach GAM959261123
Customer Advisories: Postal letters to clients
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Postal letters to clients.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Hackers.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on February 2017.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2017-06-05.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Customer card number, Expiration date, Name, Address, Card verification value (CVV2), , Names, Addresses, Card Numbers, Expiration Dates, Three-digit Card Verification Values (CVV2), , Personal Information, Financial Information and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Names, Card verification value (CVV2), Card Numbers, Three-digit Card Verification Values (CVV2), Name, Financial Information, Personal Information, Expiration Dates, Expiration date, Addresses, Address and Customer card number.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 335.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Washington State Office of the Attorney General.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Postal letters to clients.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=gamestop' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
