Pro Wrestling Tees is providing more information on their recent data breach.
On December 18, Pro Wrestling Tees issued a statement regarding a data breach that they were made aware of on November 1, 2021. In their statement, they encouraged customers to enroll in a free IDX identity protection service, providing a website specifically related to Pro Wrestling Tees. Fightful reached out to AEWShop, which operates as the same customer service as Pro Wrestling Tees, and were directed to the PWT IDX FAQ.
Upon further inspection of the IDX site, Pro Wrestling Tees says they have conducted an extensive forensic investigation of its computer system and have enhanced cyber security protocols to eliminate the risk of this incident occurring again.
In regards to those that have asked why they weren't notified earlier, Pro Wrestling Tees said the reason was the data breach was part of an active federal investigation with law enforcement agencies.
Once the investigation was completed, a list was compiled of only those customers who were affected by the breach. This list was handed off to the data breach notification company to send out letters directly to those customers who were affected.
It is also noted to Fightful that only the Pro Wrestling Tees site was affected. ShopAEW, Global ShopAEW, All Elite Crate, and Pro Wrestling Crate were not affected.
In an email reply to Twitter user Joe Sposto, Pro Wrestling Tees advised customers to use PayPal moving forward and also claimed They were instructed by their insurance carrier's attorneys to allow them to handle all notifications to those affected as this only affected a small percentage of customers. The e-mail stated, "We were instructed not to post about this on social media because it would attract more hackers."
Pro Wrestling Tees also claimed they do not store card info within their software and only those who used their checkout page were affected. They also say they were able to identify and remove the source of the malware and "install newer high-end security to ensure this does not happen again."
You can see the full thread recapping the email reply here.
Per Illinois law concerning data breach, "the disclosure notification shall be made in the most expedient time possible and without unreasonable delay, consistent with any measures necessary to determine the scope of the breach and restore the reasonable integrity, security, and confidentiality of the data system."
Fightful will continue to monitor the story and report any and all updates.