Miracle-Ear
December 29, 2017
•[ hack, phishing, retail ]
Miracle-Ear Inc. says that 554 patient records have been compromised in a security breach of its e-mail system. The incident occurred Oct. 24, when "an unknown and unauthorized intruder" gained access to the e-mail account of an employee of Miracle-Ear's parent company Amplifon.
Jeffree Star
December 10, 2017
•[ hack, leak, insider ]
Jeffree Star is the victim of a data hack, after a member of staff at cosmetics store Sephora allegedly hacks into her account and leaks sensitive information about his spending habits.
PetFlow
December 9, 2017
•[ leak, misconfiguration, retail ]
In December 2017, the pet care delivery service PetFlow suffered a data breach which consequently appeared for sale on a dark web marketplace. Almost 1M accounts were impacted and exposed email addresses and passwords stored as unsalted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "nano@databases.pw".
dvd-shop.ch
December 5, 2017
•[ leak, misconfiguration, retail ]
In December 2017, the online Swiss DVD store known as dvd-shop.ch suffered a data breach. The incident led to the exposure of 68k email addresses and plain text passwords. The site has since been updated to indicate that it is currently closed.
Loake Shoes
November 22, 2017
•[ hack, retail ]
Loake Shoes warns its customers to have been the victim of a cyber attack. Apparently the email server has been compromised even if no other details are disclosed.
Jewson
November 14, 2017
•[ hack, malware, retail ]
Builders merchant Jewson notifies 1,659 customers that their private information could have been exposed in a breach occurred late this summer. The breach happened after malicious code was implanted in the Jeson Direct website.
Tarte Cosmetics
October 25, 2017
•[ leak, misconfiguration, retail ]
Tarte Cosmetics exposes nearly two million customers' personal data to the public via two unsecured MongoDB databases. Unfortunately the gang Cru3lty get hold of the data, demanding 0.2 Bitcoins for recovering the database once the data had been deleted or encrypted.
Pizza Hut
October 15, 2017
•[ hack, retail ]
Pizza Hut admits to have suffered a data breach, through which a hacker has stolen payment card details for a small number of clients.
Hyatt Hotels Corp.
October 12, 2017
•[ financial, malware, retail ]
Hyatt Hotels Corp reveals to have discovered unauthorized access to payment card information at certain Hyatt-managed locations worldwide between March 18, 2017 and July 2, 2017.
CeX
August 29, 2017
•[ hack, retail ]
Second-hand electronics dealership CeX notifies 2 million customers that their personal information may have been compromised by hackers.
Zazzle
August 28, 2017
•[ hack, brute-force, retail ]
Zazzle sends an email to customers revealing that hackers in June used brute-force techniques to cycle through account usernames and passwords that were stolen from a breach of another unnamed site.
MALL.cz
July 27, 2017
•[ leak, brute-force, retail ]
In July 2017, the Czech Republic e-commerce site MALL.cz suffered a data breach after which 735k unique accounts including email addresses, names, phone numbers and passwords were later posted online. Whilst passwords were stored as hashes, a number of different algorithms of varying strength were used over time. All passwords included in the publicly distributed data were in plain text and were likely just those that had been successfully cracked (members with strong passwords don't appear to be included). According to MALL.cz, the breach only impacted accounts created before 2015.
Loblaws
July 19, 2017
•[ hack, retail ]
According to an email sent out to Loblaws account holders, the security of a 'small number' of accounts has been compromised, marking the second time the company has suffered a security breach this year. Comprised websites include Loblaws.ca, Joefresh.com and Beautyboutique.ca.
The Buckle Inc.
June 17, 2017
•[ financial, malware, retail ]
The Buckle Inc., a clothier that operates more than 450 stores in 44 U.S. states, discloses that its retail locations have been hit by malicious software designed to steal customer credit card data.
Hotels
June 3, 2017
•[ leak, misconfiguration, retail ]
Hotels.com sends an email to some customers advising that their username, password, email address, and the last four digits of stored credit card numbers were potentially stolen last month (between may 22 and 29).
Kmart
May 31, 2017
•[ financial, malware, retail ]
For the second time in less than three years, Kmart Stores suffers a malware-based security breach of its store credit card processing systems.
Liverpool One Shopping Centre
May 30, 2017
•[ hack, retail ]
Liverpool One shopping centre is forced to shut down a slew of digital billboards after an unknown hacker tampers with the signage.
Brooks Brothers
May 12, 2017
•[ financial, malware, retail ]
U.S. clothing company Brooks Brothers reveals that payment card information of certain customers was compromised at some of its retail locations in the United States and Puerto Rico over 11 months until March.
Tiong Bahru Plaza
May 12, 2017
•[ hack, retail ]
Message Manipulation; Data Attack
Debenhams
May 5, 2017
•[ hack, malware, retail ]
Malware infects the backend systems used by British high street chain Debenhams, and steals 26,000 people's personal information in the process. The hack happened after compromising the systems at Ecomnova, the firm that runs the Debenhams Flowers business, for more than six weeks.
