The National Baseball Hall of Fame’s web site had a malicious script injected into their online store between November 15, 2018 and May 14, 2019. The information that could have been stolen includes a customer’s name, address and credit or debit card information. The attack only affected customers who purchased items from the web site and not in the museum itself. The script is built to look like a legitimate Google Analytics script, but if you analyze it it is monitoring the shop’s billing form that has an ID of “co-billing-form”””
Source: https://www.bleepingcomputer.com/news/security/national-baseball-hall-of-fame-hit-by-payment-card-stealing-attack/