Blowout Cards
April 25, 2017
•[ hack, financial, retail ]
Blowout Cards issues a security alert to customers, warning that their payment card details may have been compromised after an attacker hacked its website and customers began reporting related card fraud.
Best American Hospitality Corp.
April 14, 2017
•[ financial, retail ]
Best American Hospitality Corp. issues a statement regarding stolen payment cards at some of the restaurants it manages and operates.
Amazon third-party sellers
April 10, 2017
•[ hack, phishing, retail ]
Amazon third-party sellers, are hit repeatedly by hackers who post fake deals on legitimate sellers' pages.
Gamestop
April 7, 2017
•[ hack, malware, retail ]
Video game giant GameStop Corp says it is investigating reports that hackers may have siphoned credit card and customer data from its website gamestop.com.
Ster-Kinekor
March 9, 2017
•[ leak, misconfiguration, retail ]
In 2016, the South African cinema company Ster-Kinekor had a security flaw which leaked a large amount of customer data via an enumeration vulnerability in the API of their old website. Whilst more than 6 million accounts were leaked by the flaw, the exposed data only contained 1.6 million unique email addresses. The data also included extensive personal information such as names, addresses, birthdates, genders and plain text passwords.
Unknown Organization
March 2, 2017
•[ hack, ddos, retail ]
South Korea's Lotte Duty Free website (lottedfs.com) is taken down by a DDoS attack orchestrated from a Chinese IP.
Roberts Hawaii
February 26, 2017
•[ hack, misconfiguration, retail ]
The tour company Roberts Hawaii warns its customers about a security breach that may have affected people who purchased tours and other services on its website between July 2015 and December 2016.
Unknown Organization
February 20, 2017
•[ hack, retail ]
A hacker claims to have hacked the official web forum of a gun retailer Airsoft GI (airsoftgiforum.com) and uploaded its data on Dropbox.
Arby's
February 9, 2017
•[ hack, malware, retail ]
The fast food restaurant chain Arby's has suffered a breach involving the payment card systems in up to 1,100 of its locations.
Sports Direct
February 8, 2017
•[ leak, retail ]
Sports Direct is accused to have suffered (and kept hidden) a data breach affecting 30,000 employees. The breach allegedly happened in September 2016.
Canadian Tire
February 7, 2017
•[ hack, retail ]
Canadian Tire shuts down customer access to online accounts after detecting unusual traffic in their website.
POPEYES
January 18, 2017
•[ financial, malware, retail ]
CCC Restaurant Enterprises, LLC, doing business as POPEYES, announce that a recent data security incident may have compromised the security of payment information of some customers who used debit or credit cards at 10 Restaurant locations between May 5, 2016 and August 18, 2016.
Sephora
January 9, 2017
•[ leak, retail ]
In approximately January 2017, the beauty store Sephora suffered a data breach. Impacting customers in South East Asia, Australia and New Zealand, 780k unique email addresses were included in the breach alongside names, genders, dates of birth, ethnicities and other personal information. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
CloudPets
January 1, 2017
•[ leak, ransomware, misconfiguration ]
In January, the maker of teddy bears that record children's voices and sends them to family and friends via the internet CloudPets left their database publicly exposed and it was subsequently downloaded by external parties (the data was also subject to 3 different ransom demands). 583k records were provided to HIBP via a data trader and included email addresses and bcrypt hashes, but the full extent of user data exposed by the system was over 821k records and also included children's names and references to portrait photos and voice recordings.
Madison Square Garden
November 22, 2016
•[ hack, financial, retail ]
Madison Square Garden Co. admits that hackers may have stolen payment card data at Madison Square Garden, The Theater at Madison Square Garden, Radio City Music Hall, Beacon Theatre and The Chicago Theatre from Nov. 9, 2015 to Oct. 24, 2016.
Sam's Club
November 5, 2016
•[ leak, misconfiguration, retail ]
Wholesale retail giant Sam's Club has reset passwords for thousands of customers (14,600 email addresses and plain-text passwords) after their account details were posted online.
Sentinel Hotel
November 4, 2016
•[ financial, retail ]
Sentinel Hotel announces to have taken action to investigate and address an incident affecting payment card data at the hotel's front desk.
Vera Bradley
October 13, 2016
•[ hack, malware, retail ]
American high-end fashion retailer Vera Bradley has revealed that hackers may have accessed customers' card data from payment processing systems at its retail stores this summer.
Pont3
October 6, 2016
•[ leak, misconfiguration, retail ]
Pont3, an Australian event organizer, reveals that an unauthorized party had gained access to its mailing list account and downloaded data about individuals that subscribed to various events organized by the company in the past.
justformen[.]com
September 20, 2016
•[ hack, malware, retail ]
The website for Just For Men, a company that sells various products for men is compromised to serve malware to its visitors.
