Boomerang rebound: Site shut amid credit card securo-fears

For 'maintenance' read 'oh bugger'

Games for Windows Marketplace

Video game rental company Boomerang Rentals has pulled down the shutters on its websites amidst unconfirmed concerns that it have may have suffered a security breach that spilled customers' credit card details.

Boomerang's homepage has been "down for maintenance" since Sunday. The move followed multiple customers reporting instances of fraud seemingly linked to Boomerang in a thread on Reddit.

In response, Boomerang Rentals said it was investigating "approximately 30 people who have stated that they have had fraudulent transaction attempts against their card and either are or have been a member of our service" without conceding that it might have had a breach.

An official statement (PDF) from Boomerang on Monday plays down concerns that it was responsible for a breach while letting people know that it's concerned enough to undertake a full investigation, which is likely to take some days.

Following an initial enquiry at the end of last week, we have had a number of customers raise concerns regarding fraudulent payment attempts on their card details that are also registered with us.

We are fully investigating this issue and have temporarily removed access to our website while this continues.

We have contacted our Payment Provider Sagepay and our Merchant Bank WorldPay and neither have any reported concerns relating to us.

However, please be assured we are treating this with the utmost urgency and can provide more information on our findings as they become available.

If you have any concerns, please contact your card issuer. We apologise for any inconvenience the removal of our site has caused and thank you for your patience as we continue to investigate further.

El Reg called the support number on the Boomerang Rentals website and left a message on its voicemail system requesting comment. We're yet to hear back but will update this story as and when we hear more.

We began looking into the matter following a tip-off from Reg reader Derek.

"A friend noticed fraudulent transactions on his card which seems to point to his details having been leaked by video game rental company Boomerang Rentals who he recently signed up with," Derek explained.

"He posted his suspicions on Reddit and there are quite a lot of comments from other Boomerang customers also seeing fraud on their accounts."

Derek adds that he has reported the matter to the Information Commissioner's Office and is advising the other posters on Reddit to cancel their cards. ®

An ICO spokesperson said: "We are aware of the potential incident at Boomerang Rentals and are looking into the details. If customers are worried about fraudulent activity we recommend following the advice on the www.actionfraud.police.uk website."




Biting the hand that feeds IT © 1998–2018