Frame & Optic
January 16, 2025
•[ leak, retail ]
In January 2025, the eyewear seller Frame & Optic suffered a data breach. The incident exposed almost 16k unique email addresses along with names, phone numbers and geolocation data including country, state and postcode. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
Thomas Cook (India) Ltd.
December 31, 2024
•[ hack, retail ]
Global travel agency Thomas Cook's Indian arm closes its affected systems after a cyber attack takes down its IT infrastructure.
Concession Peugeot
December 15, 2024
•[ ransomware, malware, retail ]
Cicada3301 ransomware group claims responsibility for a data breach targeting Concession Peugeot (concessions.peugeot.fr), a prominent French automotive dealership linked to the Peugeot brand. The group claims to have stolen 35GB of sensitive data
Fota Wildlife Park
December 5, 2024
•[ financial, hack, leak ]
People who purchased tickets to visit Fota Wildlife Park in Cork, Ireland, are warned to cancel their bank cards following the discovery of a cyberattack that may have exposed the data on those cards.
Multiple e-commerce platforms
December 2, 2024
•[ leak, retail ]
At least 100,000 customers' personal information, including credit cards, is believed to have been stolen from 11 e-commerce websites from multiple organizations in Japan including the coffee chain Tully's Coffee Japan and the national federation of fisheries cooperatives (JF Zengyoren).
Krispy Kreme
November 29, 2024
•[ ransomware, malware, retail ]
US doughnut chain Krispy Kreme reveals it suffered a cyberattack in November that impacted portions of its business operations, including placing online orders. The Play ransomware gang claims responsibility for the attack.
Central Group
November 20, 2024
•[ leak, retail ]
A threat actor with the moniker 0mid16B claims to have breached the1 Card membership system across every retail and consumer brand under the Central Group, and to have stolen 5,108,826 records.
American Associated Pharmacies
November 18, 2024
•[ ransomware, malware, retail ]
Ransomware group Embargo threatens to publish nearly 1.5 terabytes of data allegedly stolen in an attack on American Associated Pharmacies, a collaborative of 2,000 independent pharmacies.
Ahold Delhaize
November 8, 2024
•[ hack, retail ]
Ahold Delhaize, the Dutch parent company of Stop & Shop, Hannaford, Food Lion, and Giant Food releases a statement warning that it recently discovered a cyberattack within its U.S. network.
Individuals
October 31, 2024
•[ financial, phishing, retail ]
Researchers at Human reveal that more than 1,000 legitimate shopping sites have been compromised to promote fake product listings in a credit card phishing scheme dubbed Phish n Ships,
AEP
October 28, 2024
•[ ransomware, malware, retail ]
German pharmaceutical distributor AEP is hit with a ransomware attack.
SelectBlinds
September 28, 2024
•[ financial, malware, retail ]
More than 200,000 who shopped for blinds or window dressing this year had their credit card information and other data stolen after threat actors placed malware on the website of SelectBlinds, a major retailer.
Pepe Jeans
September 12, 2024
•[ hack, retail ]
Pepe Jeans is also hit by the same spree of cyber attacks targeting the French retailers.
Boulanger
September 8, 2024
•[ leak, retail ]
Boulanger, a French retailer, says in a statement that threat actors accessed customers' delivery addresses but no banking data was leaked.
Tendam
September 7, 2024
•[ ransomware, malware, retail ]
Spanish fashion multinational Tendam is hit with a ransomware attack by the Medusa group. The attackers claim to have stolen 724.59 GB of confidential data from the company's servers and are demanding a ransom of $800,000.
Boulanger
September 6, 2024
•[ hack, leak, retail ]
In September 2024, French electronics retailer Boulanger suffered a data breach that exposed over 27M rows of data. The data included 2M unique email addresses along with names, physical addresses, phone numbers and latitude and longitude. The data was later publicly published to a popular hacking forum. The data was provided to HIBP by a source who requested it be attributed to "leidhall".
schenkYOU
August 15, 2024
•[ hack, retail ]
In September 2024, data from the online German gift store schenkYOU was put up for sale on a popular hacking forum. Obtained the month before, the data included 237k unique email addresses alongside names, dates of birth and salted SHA-256 password hashes. The standalone store was subsequently shut down with all traffic redirected to their Amazon store.
Welhof
August 14, 2024
•[ leak, retail ]
In August 2024, the Dutch appliance store Welhof suffered a data breach. The incident exposed over 100k unique email addresses along with names, physical addresses and the value of purchases made. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
Truffaut
August 1, 2024
•[ leak, retail ]
Truffaut, another retailer in France also suffers a breach impacting around 277,000 records.
Lulu Hypermarket
July 10, 2024
•[ leak, retail ]
Lulu Hypermarket experiences a data breach, exposing over 200,000 customer records. The attack, claimed by IntelBroker, includes personal details such as email addresses and phone numbers. The full database, allegedly containing millions of user and order details, might be leaked in the future.
