Kathmandu Holdings
March 14, 2019
•[ hack, retail ]
Clothing retailer Kathmandu Holdings confirms it is currently conducting an "urgent" investigation into a security incident that may have captured the personal information of customers, after an unidentified third party gained access to the website.
Estante Virtual
February 28, 2019
•[ leak, misconfiguration, retail ]
In February 2019, the Brazilian book store Estante Virtual suffered a data breach that impacted 5.4M customers. The exposed data included names, usernames, email and physical addresses, phone numbers, dates of birth and unsalted SHA-1 password hashes.
Topps
February 27, 2019
•[ financial, malware, retail ]
Sports trading card and collectible company Topps issues a data breach notification stating that it was affected by a Magecart attack, which possibly exposed the payment and address information of its customers.
LBB
February 14, 2019
•[ leak, misconfiguration, retail ]
In August 2022, customer data of the Indian shopping site "LBB" (Little Black Book) was posted to a popular hacking forum. The data contained over 3M records with 39k unique email addresses alongside IP and physical addresses, names and device information with the most recent data dating back to early 2019. LBB advised they believe the data was exposed by a third party service and whilst it contained information they retain on their customers, it had also been enriched with additional data attributes.
Truluck's Seafood, Steak & Crab House
February 13, 2019
•[ financial, malware, retail ]
Credit card information for customers dining at Truluck's Seafood, Steak & Crab House in downtown Dallas and Southlake might have been copied by malware inserted into point of sale systems at the restaurants.
Dunkin' Donuts
February 12, 2019
•[ hack, brute-force, retail ]
Dunkin' Donuts announces that it was the victim of a credential stuffing attack during which hackers gained access to customer accounts.
Pharmaca
February 9, 2019
•[ financial, retail ]
Pharmaca notifies customers of a payment card breach affecting several retail locations. The incident occurred between July 19 and December 12, 2018.
Huddle House
February 1, 2019
•[ financial, hack, malware ]
Fast food restaurant chain Huddle House discloses that they were affected by a data breach in the point of sale system at some locations that allowed attackers to steal payment information.
Graeter's Ice Cream
January 21, 2019
•[ hack, malware, retail ]
Graeter's Ice Cream issues notices to 12,000 customers who made purchases on its website last year, after "unauthorized code" was added to the website's checkout page.
Discountmugs
January 10, 2019
•[ hack, malware, retail ]
Another victim of Magecart. Discountmugs.com reveals that anyone who used a credit card between August 5, 2018, and November 16, 2018 may have had their information compromised.
BevMo
December 27, 2018
•[ financial, malware, retail ]
Alcohol retailer BevMo reveals that its website was breached, compromising the credit card data of nearly 15,000 customers. "Malicious code" placed on the checkout page compromised data between Aug. 2 and Sept. 26.
Caribou Coffee
December 20, 2018
•[ hack, malware, retail ]
US coffee store chain Caribou Coffee announces a security breach after it discovered unauthorized access to its POS systems. The breach was discovered on November 28, and the company listed 239 stores of its total 603 locations as impacted.
Warby Parker
December 20, 2018
•[ hack, brute-force, retail ]
Warby Parker discloses that roughly 198,000 of its customers may have been affected by a credential stuffing attack targeting the eyeglass retail chain. The unauthorized activity started on Sept. 25 and continued through late November.
Wanelo
December 13, 2018
•[ hack, retail ]
In approximately December 2018, the digital mall Wanelo suffered a data breach. The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in April 2019. A total of 23 million unique email addresses were included in the breach alongside passwords stored as either MD5 or bcrypt hashes. After the initial HIBP load, further data containing names, shipping addresses and IP addresses were also provided to HIBP, albeit without direct association to the email addresses and passwords. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
OppoSuits
December 3, 2018
•[ financial, hack, leak ]
Customers of Dutch clothing company OppoSuits are warned to monitor their credit card accounts after the firm discovers the Magecart malware planted on its website could have stolen the details of 7,000 customers.
Sotheby's
November 30, 2018
•[ financial, malware, retail ]
Sotheby's Home website is the latest casualty of Magecart after a breach sees card-skimming code deployed by the cyber criminals.
Dunkin' Donuts
November 29, 2018
•[ hack, brute-force, retail ]
Dunkin' Donuts informs some of its DD Perks program members that their account information may have been exposed through a credential stuffing attack. The incident was discovered on October 31, 2018.