blackphoenixalchemylab
May 17, 2018
•[ hack, malware, retail ]
blackphoenixalchemylab.com discovers malware inserted into the portion of the checkout page between May 1 and May 16.
Poshmark
May 16, 2018
•[ leak, retail ]
In mid-2018, social commerce marketplace Poshmark suffered a data breach that exposed 36M user accounts. The compromised data included email addresses, names, usernames, genders, locations and passwords stored as bcrypt hashes. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
Chili's Restaurant
May 11, 2018
•[ financial, malware, retail ]
Chili's Restaurant reveals that some restaurants have been impacted by a data incident, which may have resulted in unauthorized access or acquisition of payment card data between March and April 2018.
Malley's Chocolates
May 10, 2018
•[ financial, hack, retail ]
Malley's Chocolates reveals that its website has been hacked, and the card information of 3,400 online customers has been breached.
Meituan Dianping
May 3, 2018
•[ leak, retail ]
Meituan Dianping, the internet giant backed by Tencent, China's most valuable tech corporation, begins investigating reports of a data breach that exposed the private information of tens of thousands of users.
Rail Europe North America
May 1, 2018
•[ financial, malware, retail ]
Rail Europe, a site used by Americans to buy train tickets in Europe, reveals a three-month data breach of credit cards and debit cards. Hackers implanted credit card-skimming malware on its website between late-November 2017 and mid-February 2018.
Zippy's Restaurants
April 27, 2018
•[ hack, malware, retail ]
The Hawaii-based Zippy's Restaurants reports that its point-of-sale system at 25 of its locations have been compromised exposing customer data from November 23, 2017, to March 29, 2018.
Wendy's
March 31, 2018
•[ hack, retail ]
In March 2018, Wendy's in the Philippines suffered a data breach which impacted over 52k customers and job applicants. The breach exposed extensive personal information including names, email and IP addresses, physical addresses, phone numbers and passwords stored as MD5 hashes.
JJ Meds
March 9, 2018
•[ financial, retail ]
JJ Meds, a medical marijuana delivery service in Canada, goes offline after having received an extortion demand.
160 Applebee's Restaurants
March 2, 2018
•[ hack, malware, retail ]
RMH Franchise Holdings reveals that PoS systems at the Applebee's network of restaurants were infected with a PoS malware. 160 restaurants are affected. The breach was discovered on February 13, and took place between November 23, 2017, and January 2, 2018.
Tim Hortons
February 27, 2018
•[ hack, malware, retail ]
A computer virus is suspected of crashing cash registers at over 1,000 Tim Hortons coffee and donuts fast food restaurants.
Curtis Lumber
February 22, 2018
•[ social, phishing, retail ]
Curtis Lumber is the victim of a spear phishing attack.
Staybridge Suites Lexington Hotel
February 14, 2018
•[ financial, malware, retail ]
The Staybridge Suites Lexington Hotel is hit with what appears to be a point of sales data breach that occurred when several devices at the hotel were hit with malware.
Ron's Pharmacy Services
February 2, 2018
•[ leak, retail ]
Ron's Pharmacy Services notifies certain patients of the unauthorized access to certain limited pieces of patient information, including patient names, Ron's Pharmacy internal account numbers, and payment adjustment information.
National Stores, Inc.
January 23, 2018
•[ financial, malware, retail ]
National Stores, Inc. announces that it has been the victim of a malware attack, enabling unauthorized parties to access payment card information. It appears that payment cards used by customers at some National Stores locations between July 16 and December 11, 2017 may be involved.
Beautyblender
January 5, 2018
•[ hack, malware, retail ]
Beautyblender notifies 3,673 individuals that their information might have been compromised after the discovery of a malware on its online shop.
DailyObjects
January 1, 2018
•[ leak, misconfiguration, retail ]
In approximately January 2018, a collection of more than 464k customer records from the Indian online retailer DailyObjects were leaked online. The data included names, physical and email addresses, phone numbers and "pincodes" stored in plain text. After multiple attempts to contact them, DailyObjects responded and received a copy of the data for verification, however failed to respond to multiple contact attempts following that.
Elanic
January 1, 2018
•[ leak, misconfiguration, retail ]
In January 2020, the Indian fashion marketplace Elanic had 2.8M records with 2.3M unique email addresses posted publicly to a popular hacking forum. Elanic confirmed that they had "verified the data and it was pulled from one of our test servers where this data was exposed publicly" and that the data was "old" (the hacking forum reported it as being from 2016-2018). When asked about disclosure to impacted customers, Elanic advised that they had "decided to not have as such any communication and public disclosure".
HauteLook
January 1, 2018
•[ hack, retail ]
hacked
