Radisson Hotel Group
October 31, 2018
•[ leak, retail ]
The hotel chain Radisson Hotel Group suffered a security breach that exposed personal information of the members of its loyalty scheme. The incident happened on September 11, but was identified only on October first.
Shopper Approved
October 9, 2018
•[ hack, malware, retail ]
Shopper Approved is the latest victim of the Magecart gang. The incident took place on September 15.
Burgerville
September 30, 2018
•[ financial, retail ]
Burgerville reveals a data breach impacting the chain which may have led to the theft of detailed credit card information belonging to customers.
Recipe Unlimited
September 28, 2018
•[ ransomware, malware, retail ]
Recipe Unlimited, a Canadian restaurant chain that operates over 20 restaurant brands, suffers a country-wide outage of its IT systems over the weekend in a ransomware incident.
Newegg
September 19, 2018
•[ financial, malware, retail ]
Researchers from RiskIQ, together with Volexity, reveal that California-based retailer Newegg is the latest well-known merchant to succumb to the Magecart group.
Saverspy
September 17, 2018
•[ leak, misconfiguration, retail ]
Bob Diachenko, a security researcher, identifies an unsecured MongoDB server leaking the personal details of nearly 11 million users. The database seems to have been ransomed back in June.
Groopdealz
September 14, 2018
•[ hack, malware, retail ]
Groopdealz joins the list of the victims of the Magecart group.
FreshMenu
September 10, 2018
•[ hack, retail ]
The Indian online food platform FreshMenu admits to have hidden a data breach affecting 110K users for two years. The data breach happened on July 1, 2016.
C&A
August 30, 2018
•[ leak, retail ]
The Brazilian operation of international fashion retail clothing chain C&A confirms a cyberattack to its gift card platform. Data from 36,000 customers who purchased gift cards is leaked on Pastebin.
Cheddar Scratch Kitchen
August 22, 2018
•[ hack, malware, retail ]
Restaurants in 23 states belonging to Cheddar Scratch Kitchen are affected by a cyberattack that exposed payment card information. The amount of impacted card details is estimated to be 567,000 and were stolen between November 3, 2017, and January 2, 2018.
Superdrug
August 20, 2018
•[ hack, retail ]
Superdrug confirms that hackers claim to have obtained the personal details of almost 20,000 individuals who shopped online at Superdrug.
HauteLook
August 7, 2018
•[ leak, retail ]
In mid-2018, the fashion shopping site HauteLook was among a raft of sites that were breached and their data then sold in early-2019. The data included over 28 million unique email addresses alongside names, genders, dates of birth and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Jersey Mike's Subs
July 31, 2018
•[ leak, retail ]
Jersey Mike's Subs warns some of their customers to change their account passwords to ensure account security. According to the email, the firm suspected a possible data breach at some third party.
BP
July 11, 2018
•[ hack, retail ]
BP emails about 60,000 people who applied for jobs in its retail stores since 2008 to notify them they could have had their personal information accessed by hackers. The company originally thought about 10,000 applicants' data had been breached.
Macy's Inc.
July 9, 2018
•[ hack, phishing, retail ]
Macy's Inc. warns customers that hackers compromised the login information of some users of the retailer's websites. The suspicious activity took place from April 26 to June 12. A third party obtained valid usernames and passwords through websites not related to macys.com.
Gas station in Detroit
July 9, 2018
•[ hack, misconfiguration, retail ]
Police in Detroit are looking into an apparent hack at a gas station that allowed people to steal more than 600 gallons of gas, valued at over $1,800. Authorities believe the thieves used some sort of remote device to take control of the pump.
Fashion Nexus
July 9, 2018
•[ leak, misconfiguration, retail ]
In July 2018, UK-based ecommerce company Fashion Nexus suffered a data breach which exposed 1.4 million records. Multiple websites developed by sister company White Room Solutions were impacted in the breach amongst which were sites including Jaded London and AX Paris. The various sites exposed in the incident included a range of different data types including names, phone numbers, addresses and passwords stored as a mix of salted MD5 and SHA-1 as well as unsalted MD5 passwords. When asked by reporter Graham Cluley if a public statement on the incident was available, a one-word response of "No" was received.
B&B Hospitality Group
July 6, 2018
•[ financial, retail ]
B&B Hospitality Group (B&BHG) announces that it has identified and addressed a payment card security incident that affected nine restaurants in the New York metropolitan area.
Fortnum & Mason
July 2, 2018
•[ leak, misconfiguration, retail ]
Luxury retailer Fortnum & Mason is the latest big brand to be involved in a significant data breach after the company admits the details of around 23,000 competition and survey participants have been compromised in the wake of the Typeform breach.
Adidas
June 28, 2018
•[ leak, retail ]
Adidas alerts customers about a possible data breach on its U.S. website. On June 26, the company became aware that an unauthorized party claimed to have acquired limited data associated with certain consumers.
