The company hasn't released any numbers yet, but anyone who placed an online order with them between August 10, 2016 and February 9, 2017 is at risk. That's quite a long time and it's safe to say many people were exposed. Names, addresses and credit card information were compromised and the reports from April speculated that the three-digit security numbers were taken as well.
The company said in a statement to Kotaku, "GameStop identified and addressed a potential security incident that was related to transactions made on GameStop's website during a specific period of time. GameStop mailed notification letters to customers who made purchases during that time frame advising them of the incident and providing information on steps they can take."
It hasn't been a great time for GameStop. Earlier this year, it announced that it would be closing around 150 stores after increases in digital downloads led to sustained drops in the company's sales. The company formed its own publishing wing last year in order to stay relevant in the increasingly digital gaming world.
This data breach is yet another setback for GameStop and this time, it's a setback for its customers as well.