Newegg
September 19, 2018
•[ financial, malware, retail ]
Researchers from RiskIQ, together with Volexity, reveal that California-based retailer Newegg is the latest well-known merchant to succumb to the Magecart group.
Saverspy
September 17, 2018
•[ leak, misconfiguration, retail ]
Bob Diachenko, a security researcher, identifies an unsecured MongoDB server leaking the personal details of nearly 11 million users. The database seems to have been ransomed back in June.
Groopdealz
September 14, 2018
•[ hack, malware, retail ]
Groopdealz joins the list of the victims of the Magecart group.
FreshMenu
September 10, 2018
•[ hack, retail ]
The Indian online food platform FreshMenu admits to have hidden a data breach affecting 110K users for two years. The data breach happened on July 1, 2016.
C&A
August 30, 2018
•[ leak, retail ]
The Brazilian operation of international fashion retail clothing chain C&A confirms a cyberattack to its gift card platform. Data from 36,000 customers who purchased gift cards is leaked on Pastebin.
Cheddar Scratch Kitchen
August 22, 2018
•[ hack, malware, retail ]
Restaurants in 23 states belonging to Cheddar Scratch Kitchen are affected by a cyberattack that exposed payment card information. The amount of impacted card details is estimated to be 567,000 and were stolen between November 3, 2017, and January 2, 2018.
Superdrug
August 20, 2018
•[ hack, retail ]
Superdrug confirms that hackers claim to have obtained the personal details of almost 20,000 individuals who shopped online at Superdrug.
HauteLook
August 7, 2018
•[ leak, retail ]
In mid-2018, the fashion shopping site HauteLook was among a raft of sites that were breached and their data then sold in early-2019. The data included over 28 million unique email addresses alongside names, genders, dates of birth and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Jersey Mike's Subs
July 31, 2018
•[ leak, retail ]
Jersey Mike's Subs warns some of their customers to change their account passwords to ensure account security. According to the email, the firm suspected a possible data breach at some third party.
BP
July 11, 2018
•[ hack, retail ]
BP emails about 60,000 people who applied for jobs in its retail stores since 2008 to notify them they could have had their personal information accessed by hackers. The company originally thought about 10,000 applicants' data had been breached.
Macy's Inc.
July 9, 2018
•[ hack, phishing, retail ]
Macy's Inc. warns customers that hackers compromised the login information of some users of the retailer's websites. The suspicious activity took place from April 26 to June 12. A third party obtained valid usernames and passwords through websites not related to macys.com.
Gas station in Detroit
July 9, 2018
•[ hack, misconfiguration, retail ]
Police in Detroit are looking into an apparent hack at a gas station that allowed people to steal more than 600 gallons of gas, valued at over $1,800. Authorities believe the thieves used some sort of remote device to take control of the pump.
Fashion Nexus
July 9, 2018
•[ leak, misconfiguration, retail ]
In July 2018, UK-based ecommerce company Fashion Nexus suffered a data breach which exposed 1.4 million records. Multiple websites developed by sister company White Room Solutions were impacted in the breach amongst which were sites including Jaded London and AX Paris. The various sites exposed in the incident included a range of different data types including names, phone numbers, addresses and passwords stored as a mix of salted MD5 and SHA-1 as well as unsalted MD5 passwords. When asked by reporter Graham Cluley if a public statement on the incident was available, a one-word response of "No" was received.
B&B Hospitality Group
July 6, 2018
•[ financial, retail ]
B&B Hospitality Group (B&BHG) announces that it has identified and addressed a payment card security incident that affected nine restaurants in the New York metropolitan area.
Fortnum & Mason
July 2, 2018
•[ leak, misconfiguration, retail ]
Luxury retailer Fortnum & Mason is the latest big brand to be involved in a significant data breach after the company admits the details of around 23,000 competition and survey participants have been compromised in the wake of the Typeform breach.
Adidas
June 28, 2018
•[ leak, retail ]
Adidas alerts customers about a possible data breach on its U.S. website. On June 26, the company became aware that an unauthorized party claimed to have acquired limited data associated with certain consumers.
Red Hen Restaurant
June 27, 2018
•[ hack, retail ]
Researchers from Malwarebytes discover that the Red Hen restaurant that refused to serve Sarah Sanders is hit by a SEO Spam cyberattack.
Buffalo Wild Wings
June 1, 2018
•[ hack, phishing, retail ]
A hacker manages to take control of the official Twitter account of Buffalo Wild Wings (@BWWings) and posts a number of crude and racist tweets, including one that claims to give out the "secret recipe" for the company's wings.
Romwe
June 1, 2018
•[ hack, retail ]
In mid-2018, the Hong Kong-based retailer Romwe suffered a data breach which exposed almost 20 million customers. The data was subsequently sold online and includes names, phone numbers, email and IP addresses, customer geographic locations and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by dehashed.com.
Bombas
May 21, 2018
•[ hack, malware, retail ]
Bombas notifies consumers of breach going back to 2015 when malware in the code of the e-commerce platform was identified and removed on February 9, 2015.
