Beckett Collectibles 2025 Data Breach

Beckett Collectibles Sports Card Marketplace Breach (2025): 1 Million User Records Including Home Address Exposed — Website Defaced | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Unknown (advertised on hacking forum)RetailCollectiblesEmail AddressFull NamePhone NumberPhysical AddressUsername
Moderate SeverityWebsite / service breach

Beckett Collectibles Sports Card Marketplace Breach (2025): 1 Million User Records Including Home Address Exposed — Website Defaced

Sports and entertainment collectibles grading and marketplace.

Verified by ObscureIQ Intelligence
54/100Breach Risk Index
8Data Value
60Market Recency
158dSince Breach

Breach Intelligence Summary

Entity: Beckett Collectibles · Actor: Unknown (advertised on hacking forum) · Sources: 2 references
Attack: Unknown
Profile: Company · Collectibles grading and authentication · Sports and memorabilia certification services · USA
Timeline: Breach (2025-11-09) · Indexed (Nov 20, 2025) · Year (2025)
Exposure: 1.0M records · 5 fields: Email Address, Full Name, Phone Number, Physical Address, Username
Status: Confirmed

Executive Summary

Beckett Collectibles suffered a data breach in November 2025 that included the public defacement of part of its website. A threat actor advertised the stolen database for sale on a hacking forum, and portions of the data circulated publicly through dark-web markets and breach-tracking sites in the weeks that followed.\n\nThe leaked data covered more than one million customer records. Fields included names, usernames, email addresses, phone numbers, and physical billing and shipping addresses. The first publicly circulating subset of around 541,000 email addresses focused on North American customers, with a larger corpus of about 1.04 million records surfacing the following month. Have I Been Pwned independently verified and indexed the dataset.\n\nBeckett Collectibles did not publicly confirm or characterize the incident in any detail in the immediate aftermath, leaving affected users to learn of the breach through cybersecurity outlets and breach-tracking services. For affected individuals, the principal risks are phishing, account takeover at services where the same email and password were reused, and physical-security concerns linked to the exposure of home shipping addresses. Customers who hold high-value collectibles face an elevated targeting risk, since the dataset effectively maps a population of likely owners of expensive cards and memorabilia. Anyone with a Beckett account should change passwords there and on any service using the same credentials, and treat any unsolicited contact about pickup, authentication, or shipping with caution.

ObscureIQ assessment: Exposure enables phishing, fraud, and affluent-customer targeting. Submission history can also reveal ownership of valuable collectibles and create physical-security concerns.

Breach Impact

The most prominent institutional cost so far has been reputational rather than financial. Beckett's silence in the weeks after the breach surfaced drew sharp customer criticism on social media and prompted independent cybersecurity outlets to publish follow-up coverage when the company did not. There has been no public regulatory action, settlement, or class-action filing announced as of early 2026, but the underlying conditions for one exist: a verified breach of consumer data, a high-value customer base, and a notable gap in disclosure. Operationally, Beckett's grading and marketplace services have continued, and there is no public indication that authenticated grading workflows themselves were affected.

About Beckett Collectibles

Beckett Collectibles is a U.S.-based grading, authentication, and marketplace company focused on sports cards, trading cards, and entertainment collectibles. The brand traces back to 1979 as a price guide and has since grown into a multi-service business covering certification, magazines, online marketplace listings, and submission management. Its customer base ranges from casual hobbyists to professional dealers and high-value collectors. The business operates from offices in the Dallas-Fort Worth area and processes large volumes of customer submission, shipping, and payment-related records as part of its grading and trading workflow.

Why They Hold Your Data

Collectibles-grading and authentication firms collect customer identity, addresses, order history, item-submission records, payment-adjacent data, and collector account activity across appraisal and marketplace workflows.

Recent Developments

A data breach involving Beckett Collectibles came to public attention in mid-November 2025, accompanied by website content defacement. Customer records were advertised for sale on a hacking forum, and portions of the dataset were subsequently leaked publicly. As of early 2026, Beckett Collectibles had not issued a public statement directly acknowledging or characterizing the incident, and customers reported that the company had temporarily made phone support unavailable as inquiries surged. Have I Been Pwned independently verified and indexed the leaked data, ultimately covering more than 1 million records.

Data Points Exposed

5 verified field types
Email Address
Full Name High
Phone Number
Physical Address High
Username

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Moderate
Primary downstream threats:
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Cross-platform tracking & credential stuffing

Threat Actor: Unknown (advertised on hacking forum)

Unknown (advertised on hacking forum)
Unknown

Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Beckett Collectibles breach?

Beckett Collectibles suffered a data breach in November 2025 that included the public defacement of part of its website. A threat actor advertised the stolen database for sale on a hacking forum, and portions of the data circulated publicly through dark-web markets and breach-tracking sites in the…

What data was exposed?

Verified fields include Email Address, Full Name, Phone Number, Physical Address, Username.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
Have I Been Pwned
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation