Russell Stover Chocolates
August 30, 2019
•[ financial, malware, retail ]
Russell Stover Chocolates reveals that a malware infection to its POS systems compromised customer's data between February 9, 2019 and August 7, 2019.
Hy-Vee
August 14, 2019
•[ financial, retail ]
Supermarket chain Hy-Vee publishes a warning to customers, after staff discovered a security breach on some of its point-of-sale (PoS) systems.
National Baseball Hall of Fame
August 7, 2019
•[ financial, hack, malware ]
The website for the National Baseball Hall of Fame is hacked to include a MageCart script that stole the payment information of customers who purchased items on the site. The infection occurred between November 15, 2018 and May 14, 2019.
Poshmark
August 1, 2019
•[ hack, retail ]
Poshmark, an online marketplace where North American users can buy and sell new or used clothes, shoes, and accessories, discloses a data breach: an unauthorized party gained access to its servers from where it stole personal information.
StockX
August 1, 2019
•[ hack, retail ]
StockX, a popular site for buying and selling sneakers and other apparel, resets customer passwords after it is hacked back in May. More than 6.8 million records were stolen.
StockX
July 26, 2019
•[ leak, misconfiguration, retail ]
In July 2019, the fashion and sneaker trading platform StockX suffered a data breach which was subsequently sold via a dark webmarketplace. The exposed data included 6.8 million unique email addresses, names, physical addresses, purchases and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com.
MGM Resorts
July 25, 2019
•[ hack, leak, misconfiguration ]
In July 2019, MGM Resorts discovered a data breach of one of their cloud services. The breach included 10.6M guest records with 3.1M unique email addresses stemming back to 2017. The exposed data included email and physical addresses, names, phone numbers and dates of birth and was subsequently shared on a popular hacking forum in February 2020 where it was extensively redistributed. The data was provided to HIBP by Under The Breach.
7-Eleven Japan
July 2, 2019
•[ financial, retail ]
Approximately 900 customers of 7-Eleven Japan have lost a collective of 55 million ($510,000) after hackers hijacked their 7pay app accounts and made illegal charges in their names.
Tesco Twitter Account
June 25, 2019
•[ hack, retail ]
Tesco Twitter account is apparently hacked, changes its profile to a fake Bill Gates' profile, and starts promoting Bitcoin's scams.`
Target in the hotel-entertainment industry
June 10, 2019
•[ hack, malware, retail ]
Researchers from Morphisec Labs observe a new, highly sophisticated variant of the ShellTea/PunchBuggy backdoor malware that attempted to infiltrate a number of machines within the network of a target in the hotel-entertainment industry.
Leicester City FC
May 31, 2019
•[ financial, hack, retail ]
Leicester City FC notifies people who used its online shop that their financial details have been stolen by hackers, including credit card numbers and CVVs. The hack occurred between 23 April and 4 May, 2019.
Amazon
May 8, 2019
•[ financial, hack, retail ]
Amazon.com Inc. said it was hit by an "extensive" fraud, revealing that unidentified hackers were able to siphon funds from merchant accounts over six months last year.
EatStreet
May 3, 2019
•[ hack, malware, retail ]
In May 2019, the online food ordering service EatStreet suffered a data breach affecting 6.4 million customers. An extensive amount of personal data was obtained including names, phone numbers, addresses, partial credit card data and passwords stored as bcrypt hashes. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
Puma Australia
April 29, 2019
•[ financial, malware, retail ]
Puma Australia is the latest victim of a Magecart attack.
Bodybuilding
April 22, 2019
•[ social, phishing, retail ]
Bodybuilding.com notifies its customers of a security breach detected during February 2019 which was the direct result of a phishing email received back in July 2018. Potentially 18M users are impacted.
Bodybuilding
April 22, 2019
•[ leak, phishing, retail ]
{"richText":[{"text":"Bodybuilding.com"},{"font":{"size":10,"color":{"argb":"FF000000"},"name":"Helvetica Neue","scheme":"minor"},"text":" notifies its customers of a security breach detected during February 2019 which was the direct result of a phishing email received back in July 2018. Potentially 18M users are impacted."}]}
Atlanta Hawks
April 20, 2019
•[ financial, hack, malware ]
The online shop for the Atlanta Hawks professional NBA basketball team has malicious code injected into (Magecart Infection).
Klaussner Furniture
April 5, 2019
•[ hack, retail ]
Klaussner Furniture notifies more than 9,000 employees and their dependents of a data security incident when an unauthorized third party gained access to two computers on its network in February 2019.
Amerisleep
March 20, 2019
•[ financial, malware, retail ]
Also Amerisleep was affected by MageCart attacks starting in April 2017.
MyPillow
March 20, 2019
•[ hack, malware, retail ]
Researchers from RiskIQ reveal that MyPillow.com has had numerous MageCart attackers present on their site between October 2018 and November 2018.
