Catch Hospitality Group
November 23, 2019
•[ financial, malware, retail ]
Catch Hospitality Group discloses that PoS systems at Catch NYC, Catch Rooftop, and Catch Steak were infected with malware that allowed attackers to steal credit card information from customers.
Church's Chicken
November 22, 2019
•[ financial, retail ]
Church's Chicken investigates a possible data breach involving credit and debit card information at some of its company owned locations in the U.S.
Macy's
November 14, 2019
•[ financial, malware, retail ]
Macy's announces a data breach caused by Magecart card-skimming code being implanted in the firm's online payment portal. The incident was discovered on October 15, and was active since October 7.
Boardriders
November 6, 2019
•[ ransomware, malware, retail ]
Action sports giant Boardriders is hit by a ransomware attack that affected some of its subsidiaries, including QuikSilver and Billabong, and forced the company to shut down computing systems all over the world.
PEXSuperstore
November 4, 2019
•[ financial, malware, retail ]
Researchers from PerimeterX reveal that PEXSuperstore.com is the latest victim of a Magecart attack (simultaneously by two different criminal groups).
Bed Bath & Beyond
October 29, 2019
•[ leak, retail ]
Bed Bath & Beyond discloses that an unauthorized party obtained login information for some of its customers (1% of customer base).
Krystal
October 28, 2019
•[ retail ]
U.S. fast-food restaurant chain Krystal discloses a security incident involving one of is payment processing systems and affecting some of its restaurants between July and September 2019.
Sixth June
October 28, 2019
•[ financial, malware, retail ]
French fashion online store Sixth June is infected some time ago with code that steals payment card info at checkout.
TOMS Shoes
October 6, 2019
•[ hack, retail ]
A hacker dubbed Nathan uses the mailing list of retailer TOMS Shoes to tell users it's time to log off.
Schlotzsky's
October 2, 2019
•[ hack, malware, retail ]
McAlister's Deli, Moe's Southwest Grill, and Schlotzsky's (all of them owned by Focus Brands) disclose publicly that their networks were infected with point-of-sale malware.
ASICS Store in Auckland
September 29, 2019
•[ hack, misconfiguration, retail ]
Major sportswear brand Asics blames a "cyberattack" after large storefront display screens played pornography to passersby for nine hours. The incident took place at a busy Asics store on a major high street in Auckland.
The Halloween Spot
September 27, 2019
•[ leak, misconfiguration, retail ]
In September 2019, the Halloween costume store The Halloween Spot suffered a data breach. Originally misattributed to fancy dress store Smiffys, the breach contained 13GB of data with over 10k unique email addresses alongside names, physical and IP addresses, phone numbers and order histories. The Halloween Spot advised customers the breach was traced back to "an old shipping information database".
Russell Stover Chocolates
August 30, 2019
•[ financial, malware, retail ]
Russell Stover Chocolates reveals that a malware infection to its POS systems compromised customer's data between February 9, 2019 and August 7, 2019.
Hy-Vee
August 14, 2019
•[ financial, retail ]
Supermarket chain Hy-Vee publishes a warning to customers, after staff discovered a security breach on some of its point-of-sale (PoS) systems.
National Baseball Hall of Fame
August 7, 2019
•[ financial, hack, malware ]
The website for the National Baseball Hall of Fame is hacked to include a MageCart script that stole the payment information of customers who purchased items on the site. The infection occurred between November 15, 2018 and May 14, 2019.
Poshmark
August 1, 2019
•[ hack, retail ]
Poshmark, an online marketplace where North American users can buy and sell new or used clothes, shoes, and accessories, discloses a data breach: an unauthorized party gained access to its servers from where it stole personal information.
StockX
August 1, 2019
•[ hack, retail ]
StockX, a popular site for buying and selling sneakers and other apparel, resets customer passwords after it is hacked back in May. More than 6.8 million records were stolen.
StockX
July 26, 2019
•[ leak, misconfiguration, retail ]
In July 2019, the fashion and sneaker trading platform StockX suffered a data breach which was subsequently sold via a dark webmarketplace. The exposed data included 6.8 million unique email addresses, names, physical addresses, purchases and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com.
MGM Resorts
July 25, 2019
•[ hack, leak, misconfiguration ]
In July 2019, MGM Resorts discovered a data breach of one of their cloud services. The breach included 10.6M guest records with 3.1M unique email addresses stemming back to 2017. The exposed data included email and physical addresses, names, phone numbers and dates of birth and was subsequently shared on a popular hacking forum in February 2020 where it was extensively redistributed. The data was provided to HIBP by Under The Breach.
7-Eleven Japan
July 2, 2019
•[ financial, retail ]
Approximately 900 customers of 7-Eleven Japan have lost a collective of 55 million ($510,000) after hackers hijacked their 7pay app accounts and made illegal charges in their names.
