Curtis Lumber
February 22, 2018
•[ social, phishing, retail ]
Curtis Lumber is the victim of a spear phishing attack.
Staybridge Suites Lexington Hotel
February 14, 2018
•[ financial, malware, retail ]
The Staybridge Suites Lexington Hotel is hit with what appears to be a point of sales data breach that occurred when several devices at the hotel were hit with malware.
Ron's Pharmacy Services
February 2, 2018
•[ leak, retail ]
Ron's Pharmacy Services notifies certain patients of the unauthorized access to certain limited pieces of patient information, including patient names, Ron's Pharmacy internal account numbers, and payment adjustment information.
National Stores, Inc.
January 23, 2018
•[ financial, malware, retail ]
National Stores, Inc. announces that it has been the victim of a malware attack, enabling unauthorized parties to access payment card information. It appears that payment cards used by customers at some National Stores locations between July 16 and December 11, 2017 may be involved.
Beautyblender
January 5, 2018
•[ hack, malware, retail ]
Beautyblender notifies 3,673 individuals that their information might have been compromised after the discovery of a malware on its online shop.
Elanic
January 1, 2018
•[ leak, misconfiguration, retail ]
In January 2020, the Indian fashion marketplace Elanic had 2.8M records with 2.3M unique email addresses posted publicly to a popular hacking forum. Elanic confirmed that they had "verified the data and it was pulled from one of our test servers where this data was exposed publicly" and that the data was "old" (the hacking forum reported it as being from 2016-2018). When asked about disclosure to impacted customers, Elanic advised that they had "decided to not have as such any communication and public disclosure".
HauteLook
January 1, 2018
•[ hack, retail ]
hacked
DailyObjects
January 1, 2018
•[ leak, misconfiguration, retail ]
In approximately January 2018, a collection of more than 464k customer records from the Indian online retailer DailyObjects were leaked online. The data included names, physical and email addresses, phone numbers and "pincodes" stored in plain text. After multiple attempts to contact them, DailyObjects responded and received a copy of the data for verification, however failed to respond to multiple contact attempts following that.
Miracle-Ear
December 29, 2017
•[ hack, phishing, retail ]
Miracle-Ear Inc. says that 554 patient records have been compromised in a security breach of its e-mail system. The incident occurred Oct. 24, when "an unknown and unauthorized intruder" gained access to the e-mail account of an employee of Miracle-Ear's parent company Amplifon.
Jeffree Star
December 10, 2017
•[ hack, leak, insider ]
Jeffree Star is the victim of a data hack, after a member of staff at cosmetics store Sephora allegedly hacks into her account and leaks sensitive information about his spending habits.
PetFlow
December 9, 2017
•[ leak, misconfiguration, retail ]
In December 2017, the pet care delivery service PetFlow suffered a data breach which consequently appeared for sale on a dark web marketplace. Almost 1M accounts were impacted and exposed email addresses and passwords stored as unsalted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "nano@databases.pw".
dvd-shop.ch
December 5, 2017
•[ leak, misconfiguration, retail ]
In December 2017, the online Swiss DVD store known as dvd-shop.ch suffered a data breach. The incident led to the exposure of 68k email addresses and plain text passwords. The site has since been updated to indicate that it is currently closed.
Loake Shoes
November 22, 2017
•[ hack, retail ]
Loake Shoes warns its customers to have been the victim of a cyber attack. Apparently the email server has been compromised even if no other details are disclosed.
Jewson
November 14, 2017
•[ hack, malware, retail ]
Builders merchant Jewson notifies 1,659 customers that their private information could have been exposed in a breach occurred late this summer. The breach happened after malicious code was implanted in the Jeson Direct website.
Tarte Cosmetics
October 25, 2017
•[ leak, misconfiguration, retail ]
Tarte Cosmetics exposes nearly two million customers' personal data to the public via two unsecured MongoDB databases. Unfortunately the gang Cru3lty get hold of the data, demanding 0.2 Bitcoins for recovering the database once the data had been deleted or encrypted.
Pizza Hut
October 15, 2017
•[ hack, retail ]
Pizza Hut admits to have suffered a data breach, through which a hacker has stolen payment card details for a small number of clients.
Hyatt Hotels Corp.
October 12, 2017
•[ financial, malware, retail ]
Hyatt Hotels Corp reveals to have discovered unauthorized access to payment card information at certain Hyatt-managed locations worldwide between March 18, 2017 and July 2, 2017.
CeX
August 29, 2017
•[ hack, retail ]
Second-hand electronics dealership CeX notifies 2 million customers that their personal information may have been compromised by hackers.
Zazzle
August 28, 2017
•[ hack, brute-force, retail ]
Zazzle sends an email to customers revealing that hackers in June used brute-force techniques to cycle through account usernames and passwords that were stolen from a breach of another unnamed site.
