Vijay Sales
March 2, 2020
•[ leak, misconfiguration, retail ]
A threat actor posts a leaked Vijay Sales, a large electronics retail store chain in India, database on a popular dark web hacker forum. The threat actor claims the source was from an "exposed backup server" breached in February 2020.
Tesco
March 2, 2020
•[ hack, brute-force, retail ]
Tesco issues new cards to 600,000 Clubcard account holders after a credential stuffing attack.
Slickwraps
February 16, 2020
•[ leak, retail ]
In February 2020, the online store for consumer electronics wraps Slickwraps suffered a data breach. The incident resulted in the exposure of 858k unique email addresses across customer records and newsletter subscribers. Additional impacted data included names, physical addresses, phone numbers and purchase histories.
Charleston Lube Partners
February 14, 2020
•[ hack, malware, retail ]
Charleston Lube Partners reveals to have been hit by a PoS malware between February 14, 2019 and August 19, 2019.
Rutter's
February 13, 2020
•[ financial, malware, retail ]
Rutter's discloses that 71 locations were infected with a point-of-sale (POS) malware that was used by attackers to steal customers' credit card information.
Home Chef
February 10, 2020
•[ leak, retail ]
In early 2020, the food delivery service Home Chef suffered a data breach which was subsequently sold online. The breach exposed the personal information of almost 9 million customers including names, IP addresses, post codes, the last 4 digits of credit card numbers and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
100 UPS Store Locations
January 21, 2020
•[ leak, phishing, retail ]
Sensitive personal and financial information of UPS Store customers is exposed in a phishing incident affecting roughly 100 local store locations between September 29, 2019, and January 13, 2020.
Hanna Andersson
January 20, 2020
•[ hack, malware, retail ]
US children's apparel maker and online retailer Hanna Andersson discloses that its online purchasing platform was hacked and malicious code was deployed to steal customers' payment info for almost two months.
Pampling
January 4, 2020
•[ hack, misconfiguration, retail ]
In January 2020, the online clothing retailer Pampling suffered a data breach that exposed 383k unique customer email addresses. The data was later shared on a popular hacking forum and also included names, usernames and unsalted MD5 password hashes.
Tokopedia
January 1, 2020
•[ hack, retail ]
hacked
Wawa (company)
January 1, 2020
•[ hack, retail ]
hacked
Landry's
December 31, 2019
•[ financial, malware, retail ]
Restaurant chain Landry's discloses a security incident that involved the discovery of malware on the network of 63 restaurants. The malware was designed to collect payment card data from cards swiped at its bars and restaurants, and was active from March 13 to October 2019.
Islands restaurants
December 19, 2019
•[ financial, malware, retail ]
Islands restaurants announces a PoS malware incident.
Champagne French Bakery Cafe
December 19, 2019
•[ financial, malware, retail ]
Even Champagne French Bakery Cafe announces a credit card breach due to a PoS malware.
Wawa
December 19, 2019
•[ financial, malware, retail ]
Convenience store chain Wawa discloses today a card breach after its security team finds malware installed on its payment processing systems. The malware was installed on March 4 this year, and impacts potentially all locations.
Unnamed gas station in North America
December 14, 2019
•[ hack, malware, retail ]
Payments processor VISA says North American merchants who operate gas stations and gas pumps are facing a rash of attacks from cybercrime groups wanting to deploy point-of-sale (POS) malware on their networks. VISA has identified two specific attacks which were attributed to FIN8.
Love Bonito
December 13, 2019
•[ hack, malware, retail ]
Love Bonito reports a data breach, with personal and credit card information potentially accessed. The company discovered a malicious code being added to their e-commerce site on 10 Dec.
GoSport et Courir
December 12, 2019
•[ ransomware, malware, retail ]
GoSport et Courir is hit by a ransomware attack. 2 out of 84 shops are closed as a consequence of the attack.
