Manutan Group
February 24, 2021
•[ ransomware, malware, retail ]
The Manutan Group is hit with a ransomware attack.
Coleman Group of Companies
February 20, 2021
•[ hack, retail ]
he Coleman Group of Companies says it was the target of a cyberattack in late February and has reason to believe some of its human resources and payroll files were accessed.
Kia Motors America
February 16, 2021
•[ ransomware, malware, retail ]
Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang, demanding $20 million for a decryptor and not to leak stolen data.
Discount Car and Truck Rentals
February 13, 2021
•[ ransomware, malware, retail ]
Canadian Discount Car and Truck Rentals is hit with a DarkSide ransomware attack where the hackers claim to have stolen 120GB of data.
Canadian Discount Car and Truck Rentals
February 13, 2021
•[ ransomware, malware, retail ]
Canadian Discount Car and Truck Rentals has been hit with a DarkSide ransomware attack where the hackers claim to have stolen 120GB of data.
Ifmal
February 6, 2021
•[ leak, retail ]
A database containing 200,000 users of Ifmal, a Malaysian e-commerce platform is put on sale on a forum.
Guess, Inc.
February 2, 2021
•[ ransomware, malware, retail ]
Guess, Inc. notifies customers of a data breach that revealed personal and financial information; Guess, Inc. is listed on DarkSide's data leak site.
Home Hardware Stores
February 1, 2021
•[ ransomware, malware, retail ]
Home Hardware Stores acknowledges to have been hit by a ransomware attack in February.
KomplettFritid
February 1, 2021
•[ leak, misconfiguration, retail ]
In January 2023, the online Norwegian store KomplettFritid was reported as having had a data breach dating back to February 2021. The incident exposed 140k customer records including physical, email and IP addresses, names, phone numbers and passwords. Most passwords were stored as bcrypt hashes with a small number appearing in plain text.
Moncler
January 30, 2021
•[ ransomware, malware, retail ]
Italian luxury fashion giant is hit with ransomware, data is sold online.
Bookchor
January 28, 2021
•[ leak, misconfiguration, retail ]
In January 2021, the Indian book trading website Bookchor suffered a data breach that exposed half a million customer records. The exposed data included email and IP addresses, names, genders, dates of birth, phone numbers and passwords stored as unsalted MD5 hashes. The data was subsequently traded on a popular hacking forum.
Driveline Retail Merch., Inc.
January 25, 2021
•[ leak, phishing, retail ]
Driveline Retail Merch., Inc. suffered a phishing attack which resulted in the disclosure of current and former employees' sensitive information.
Bonobos
January 22, 2021
•[ leak, misconfiguration, retail ]
Bonobos men's clothing store has suffered a massive data breach exposing millions of customers' personal information after a cloud backup of their database was downloaded by a threat actor.
Dairy Farm
January 14, 2021
•[ ransomware, malware, retail ]
Massive pan-Asian retail chain operator Dairy Farm Group was attacked this month by the REvil ransomware operation. The attackers claim to have demanded a $30 million ransom.
Bourse des Vols
January 12, 2021
•[ leak, sqlinjection, retail ]
In January 2021, the French travel company Bourse des Vols suffered a data breach that exposed 1.46M unique email addresses across more than 1.2k .sql files and over 9GB of data. The impacted data exposed personal information and travel histories including names, phone numbers, IP and physical addresses, dates of birth along with flights taken and purchases.
Guns.com
January 12, 2021
•[ hack, retail ]
In January 2021, the firearms website guns.com suffered a data breach. The breach exposed 376k unique email addresses along with names, phone numbers, physical addresses, gun purchases, partial credit card data, dates of birth and passwords stored as bcrypt hashes.
ModaOperandi
December 31, 2020
•[ leak, retail ]
A data broker is selling 368.8 million stolen user records from twenty-six companies on a hacker forum. One of these victims is ModaOperandi.com.
MEO
December 24, 2020
•[ leak, misconfiguration, retail ]
In early 2023, a corpus of data sourced from the New Zealand based face mask company MEO was discovered. Dating back to December 2020, the data contained over 8k customer records including names, addresses, phone numbers and passwords stored as MD5 Wordpress hashes. MEO did not respond to multiple attempts to report the breach.
