https://www.bleepingcomputer.com/news/security/toppscom-sports-collectible-site-exposes-payment-info-in-magecart-attack/

Last week, the sports trading card and collectible company Topps issued a data breach notification stating that it was affected by an attack, which possibly exposed the payment and address information of its customers.

This type of attack is called a MageCart attack, which is when attackers hack a site to inject a malicious script into a site's checkout or cart pages. When a visitor enters their payment and address information, this script will copy the submitted data and send it to a remote server for the attackers to collect.