Tesco Twitter Account
June 25, 2019
•[ hack, retail ]
Tesco Twitter account is apparently hacked, changes its profile to a fake Bill Gates' profile, and starts promoting Bitcoin's scams.`
Target in the hotel-entertainment industry
June 10, 2019
•[ hack, malware, retail ]
Researchers from Morphisec Labs observe a new, highly sophisticated variant of the ShellTea/PunchBuggy backdoor malware that attempted to infiltrate a number of machines within the network of a target in the hotel-entertainment industry.
Leicester City FC
May 31, 2019
•[ financial, hack, retail ]
Leicester City FC notifies people who used its online shop that their financial details have been stolen by hackers, including credit card numbers and CVVs. The hack occurred between 23 April and 4 May, 2019.
Amazon
May 8, 2019
•[ financial, hack, retail ]
Amazon.com Inc. said it was hit by an "extensive" fraud, revealing that unidentified hackers were able to siphon funds from merchant accounts over six months last year.
EatStreet
May 3, 2019
•[ hack, malware, retail ]
In May 2019, the online food ordering service EatStreet suffered a data breach affecting 6.4 million customers. An extensive amount of personal data was obtained including names, phone numbers, addresses, partial credit card data and passwords stored as bcrypt hashes. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
Puma Australia
April 29, 2019
•[ financial, malware, retail ]
Puma Australia is the latest victim of a Magecart attack.
Bodybuilding
April 22, 2019
•[ social, phishing, retail ]
Bodybuilding.com notifies its customers of a security breach detected during February 2019 which was the direct result of a phishing email received back in July 2018. Potentially 18M users are impacted.
Atlanta Hawks
April 20, 2019
•[ financial, hack, malware ]
The online shop for the Atlanta Hawks professional NBA basketball team has malicious code injected into (Magecart Infection).
Klaussner Furniture
April 5, 2019
•[ hack, retail ]
Klaussner Furniture notifies more than 9,000 employees and their dependents of a data security incident when an unauthorized third party gained access to two computers on its network in February 2019.
Amerisleep
March 20, 2019
•[ financial, malware, retail ]
Also Amerisleep was affected by MageCart attacks starting in April 2017.
MyPillow
March 20, 2019
•[ hack, malware, retail ]
Researchers from RiskIQ reveal that MyPillow.com has had numerous MageCart attackers present on their site between October 2018 and November 2018.
Kathmandu Holdings
March 14, 2019
•[ hack, retail ]
Clothing retailer Kathmandu Holdings confirms it is currently conducting an "urgent" investigation into a security incident that may have captured the personal information of customers, after an unidentified third party gained access to the website.
Estante Virtual
February 28, 2019
•[ leak, misconfiguration, retail ]
In February 2019, the Brazilian book store Estante Virtual suffered a data breach that impacted 5.4M customers. The exposed data included names, usernames, email and physical addresses, phone numbers, dates of birth and unsalted SHA-1 password hashes.
Topps
February 27, 2019
•[ financial, malware, retail ]
Sports trading card and collectible company Topps issues a data breach notification stating that it was affected by a Magecart attack, which possibly exposed the payment and address information of its customers.
LBB
February 14, 2019
•[ leak, misconfiguration, retail ]
In August 2022, customer data of the Indian shopping site "LBB" (Little Black Book) was posted to a popular hacking forum. The data contained over 3M records with 39k unique email addresses alongside IP and physical addresses, names and device information with the most recent data dating back to early 2019. LBB advised they believe the data was exposed by a third party service and whilst it contained information they retain on their customers, it had also been enriched with additional data attributes.
Truluck's Seafood, Steak & Crab House
February 13, 2019
•[ financial, malware, retail ]
Credit card information for customers dining at Truluck's Seafood, Steak & Crab House in downtown Dallas and Southlake might have been copied by malware inserted into point of sale systems at the restaurants.
Dunkin' Donuts
February 12, 2019
•[ hack, brute-force, retail ]
Dunkin' Donuts announces that it was the victim of a credential stuffing attack during which hackers gained access to customer accounts.
Pharmaca
February 9, 2019
•[ financial, retail ]
Pharmaca notifies customers of payment card breach affecting several retail locations. The incident occurred between July 19, and December 12, 2018.
Huddle House
February 1, 2019
•[ financial, hack, malware ]
Fast food restaurant chain Huddle House discloses that they were affected by a data breach in the point of sale system at some locations that allowed attackers to steal payment information.
Graeter's Ice Cream
January 21, 2019
•[ hack, malware, retail ]
Graeter's Ice Cream issues notices to 12,000 customers to customers who made purchases on its website last year, after an "unauthorized code" was added to the website's checkout page.
