VisionDirect
November 18, 2018
•[ financial, retail ]
VisionDirect, a popular contact lens online merchant, posts an advisory stating that their web site was compromised causing the theft of credit card and account information. The breach occurred between November 3rd and November 8th.
Infowars' online store
November 14, 2018
•[ financial, malware, retail ]
A Magecart credit card skimming attack is discovered on the online store for the Infowars web site.
Saffire Freycinet
November 2, 2018
•[ hack, retail ]
Guests of two Tasmania's luxury hotels are notified that their personal data may have been accessed by an unauthorised third party.
Five Guys
November 2, 2018
•[ social, phishing, retail ]
Five Guys notifies employees of data breach after an employee falls victim for a phishing attack.
Kitronik
November 2, 2018
•[ hack, malware, retail ]
Educational electronics outlet Kitronik is the latest victim of the Magecart gang. The hack occurred between August and September.
Radisson Hotel Group
October 31, 2018
•[ leak, retail ]
The hotel chain Radisson Hotel Group suffered a security breach that exposed personal information of the members of its loyalty scheme. The incident happened on September 11, but was identified only on October first.
Shopper Approved
October 9, 2018
•[ hack, malware, retail ]
Shopper Approved is the latest victim of the Magecart gang. The incident took place on September 15.
Burgerville
September 30, 2018
•[ financial, retail ]
Burgerville reveals a data breach impacting the chain which may have led to the theft of detailed credit card information belonging to customers.
Recipe Unlimited
September 28, 2018
•[ ransomware, malware, retail ]
Recipe Unlimited, a Canadian restaurant chain that operates over 20 restaurant brands, suffers a country-wide outage of its IT systems over the weekend in a ransomware incident.
Newegg
September 19, 2018
•[ financial, malware, retail ]
Researchers from RiskIQ, together with Volexity, reveal that California-based retailer Newegg is the latest well-known merchant to succumb to the Magecart group.
Saverspy
September 17, 2018
•[ leak, misconfiguration, retail ]
Bob Diachenko, a security researcher, identifies an unsecured MongoDB server leaking the personal details of nearly 11 million users. The database seems to have been ransomed back in June.
Groopdealz
September 14, 2018
•[ hack, malware, retail ]
Groopdealz joins the list of the victims of the Magecart group.
FreshMenu
September 10, 2018
•[ hack, retail ]
The Indian online food platform FreshMenu admits to have hidden a data breach affecting 110K users for two years. The data breach happened on July 1, 2016.
C&A
August 30, 2018
•[ leak, retail ]
The Brazilian operation of international fashion retail clothing chain C&A confirms a cyberattack to its gift card platform. Data from 36,000 customers who purchased gift cards is leaked on Pastebin.
Cheddar Scratch Kitchen
August 22, 2018
•[ hack, malware, retail ]
Restaurants in 23 states belonging to Cheddar Scratch Kitchen are affected by a cyberattack that exposed payment card information. The amount of impacted card details is estimated to be 567,000 and were stolen between November 3, 2017, and January 2, 2018.
Superdrug
August 20, 2018
•[ hack, retail ]
Superdrug confirms that hackers claim to have obtained the personal details of almost 20,000 individuals who shopped online at Superdrug.
HauteLook
August 7, 2018
•[ leak, retail ]
In mid-2018, the fashion shopping site HauteLook was among a raft of sites that were breached and their data then sold in early-2019. The data included over 28 million unique email addresses alongside names, genders, dates of birth and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Jersey Mike's Subs
July 31, 2018
•[ leak, retail ]
Jersey Mike's Subs warns some of their customers to change their account passwords to ensure account security. According to the email, the firm suspected a possible data breach at some third party.
BP
July 11, 2018
•[ hack, retail ]
BP emails about 60,000 people who applied for jobs in its retail stores since 2008 to notify them they could have had their personal information accessed by hackers. The company originally thought about 10,000 applicants' data had been breached.
Macy's Inc.
July 9, 2018
•[ hack, phishing, retail ]
Macy's Inc. warns customers that hackers compromised the login information of some users of the retailer's websites. The suspicious activity took place from April 26 to June 12. A third party obtained valid usernames and passwords through websites not related to macys.com.
