Fashion Nexus
July 9, 2018
•[ leak, misconfiguration, retail ]
In July 2018, UK-based ecommerce company Fashion Nexus suffered a data breach which exposed 1.4 million records. Multiple websites developed by sister company White Room Solutions were impacted in the breach amongst which were sites including Jaded London and AX Paris. The various sites exposed in the incident included a range of different data types including names, phone numbers, addresses and passwords stored as a mix of salted MD5 and SHA-1 as well as unsalted MD5 passwords. When asked by reporter Graham Cluley if a public statement on the incident was available, a one-word response of "No" was received.
Gas station in Detroit
July 9, 2018
•[ hack, misconfiguration, retail ]
Police in Detroit are looking into an apparent hack at a gas station that allowed people to steal more than 600 gallons of gas, valued at over $1,800. Authorities believe the thieves used some sort of remote device to take control of the pump.
B&B Hospitality Group
July 6, 2018
•[ financial, retail ]
B&B Hospitality Group (B&BHG) announces that it has identified and addressed a payment card security incident that affected nine restaurants in the New York metropolitan area.
Fortnum & Mason
July 2, 2018
•[ leak, misconfiguration, retail ]
Luxury retailer Fortnum & Mason is the latest big brand to be involved in a significant data breach after the company admits the details of around 23,000 competition and survey participants have been compromised in the wake of the Typeform breach.
Adidas
June 28, 2018
•[ leak, retail ]
Adidas alerts customers about a possible data breach on its U.S. website. On June 26, the company became aware that an unauthorized party claimed to have acquired limited data associated with certain consumers.
Red Hen Restaurant
June 27, 2018
•[ hack, retail ]
Researchers from Malwarebytes discover that the Red Hen restaurant that refused to serve Sarah Sanders is hit by a SEO Spam cyberattack.
Buffalo Wild Wings
June 1, 2018
•[ hack, phishing, retail ]
A hacker manages to take control of the official Twitter account of Buffalo Wild Wings (@BWWings) and posts a number of crude and racist tweets, including one that claims to give out the "secret recipe" for the company's wings.
Romwe
June 1, 2018
•[ hack, retail ]
In mid-2018, the Hong Kong-based retailer Romwe suffered a data breach which exposed almost 20 million customers. The data was subsequently sold online and includes names, phone numbers, email and IP addresses, customer geographic locations and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by dehashed.com.
Bombas
May 21, 2018
•[ hack, malware, retail ]
Bombas notifies consumers of breach going back to 2015 when malware in the code of the e-commerce platform was identified and removed on February 9, 2015.
blackphoenixalchemylab
May 17, 2018
•[ hack, malware, retail ]
blackphoenixalchemylab.com discovers malware inserted into the portion of the checkout page between May 1 and May 16.
Poshmark
May 16, 2018
•[ leak, retail ]
In mid-2018, social commerce marketplace Poshmark suffered a data breach that exposed 36M user accounts. The compromised data included email addresses, names, usernames, genders, locations and passwords stored as bcrypt hashes. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
Chili's Restaurant
May 11, 2018
•[ financial, malware, retail ]
Chili's Restaurant reveals that some restaurants have been impacted by a data incident, which may have resulted in unauthorized access or acquisition of payment card data between March and April 2018.
Malley's Chocolates
May 10, 2018
•[ financial, hack, retail ]
Malley's Chocolates reveals that its website has been hacked, and the card information of 3,400 online customers has been breached.
Meituan Dianping
May 3, 2018
•[ leak, retail ]
Meituan Dianping, the internet giant backed by Tencent, China's most valuable tech corporation, begins investigating reports of a data breach that exposed the private information of tens of thousands of users.
Rail Europe North America
May 1, 2018
•[ financial, malware, retail ]
Rail Europe, a site used by Americans to buy train tickets in Europe, reveals a three-month data breach of credit cards and debit cards. Hackers implanted credit card-skimming malware on its website between late-November 2017 and mid-February 2018.
Zippy's Restaurants
April 27, 2018
•[ hack, malware, retail ]
The Hawaii-based Zippy's Restaurants reports that its point-of-sale system at 25 of its locations have been compromised exposing customer data from November 23, 2017, to March 29, 2018.
Wendy's
March 31, 2018
•[ hack, retail ]
In March 2018, Wendy's in the Philippines suffered a data breach which impacted over 52k customers and job applicants. The breach exposed extensive personal information including names, email and IP addresses, physical addresses, phone numbers and passwords stored as MD5 hashes.
JJ Meds
March 9, 2018
•[ financial, retail ]
JJ Meds, a medical marijuana delivery service in Canada, goes offline after having received an extortion demand.
160 Applebee's Restaurants
March 2, 2018
•[ hack, malware, retail ]
RMH Franchise Holdings reveals that PoS systems at the Applebee's network of restaurants were infected with a PoS malware. 160 restaurants are affected. The breach was discovered on February 13, and took place between November 23, 2017, and January 2, 2018.
Tim Hortons
February 27, 2018
•[ hack, malware, retail ]
A computer virus is suspected of crashing cash registers at over 1,000 Tim Hortons coffee and donuts fast food restaurants.
