MALL.cz
July 27, 2017
•[ leak, brute-force, retail ]
In July 2017, the Czech Republic e-commerce site MALL.cz suffered a data breach after which 735k unique accounts including email addresses, names, phone numbers and passwords were later posted online. Whilst passwords were stored as hashes, a number of different algorithms of varying strength were used over time. All passwords included in the publicly distributed data were in plain text and were likely just those that had been successfully cracked (members with strong passwords don't appear to be included). According to MALL.cz, the breach only impacted accounts created before 2015.
Loblaws
July 19, 2017
•[ hack, retail ]
According to an email sent out to Loblaws account holders, the security of a 'small number' of accounts has been compromised, marking the second time the company has suffered a security breach this year. Comprised websites include Loblaws.ca, Joefresh.com and Beautyboutique.ca.
The Buckle Inc.
June 17, 2017
•[ financial, malware, retail ]
The Buckle Inc., a clothier that operates more than 450 stores in 44 U.S. states, discloses that its retail locations have been hit by malicious software designed to steal customer credit card data.
Hotels
June 3, 2017
•[ leak, misconfiguration, retail ]
Hotels.com sends an email to some customers advising that their username, password, email address, and the last four digits of stored credit card numbers were potentially stolen last month (between may 22 and 29).
Kmart
May 31, 2017
•[ financial, malware, retail ]
For the second time in less than three years, Kmart Stores suffers a malware-based security breach of its store credit card processing systems.
Liverpool One Shopping Centre
May 30, 2017
•[ hack, retail ]
Liverpool One shopping centre is forced to shut down a slew of digital billboards after an unknown hacker tampers with the signage.
Brooks Brothers
May 12, 2017
•[ financial, malware, retail ]
U.S. clothing company Brooks Brothers reveals that payment card information of certain customers was compromised at some of its retail locations in the United States and Puerto Rico over 11 months until March.
Tiong Bahru Plaza
May 12, 2017
•[ hack, retail ]
Message Manipulation; Data Attack
Debenhams
May 5, 2017
•[ hack, malware, retail ]
Malware infects the backend systems used by British high street chain Debenhams, and steals 26,000 people's personal information in the process. The hack happened after compromising the systems at Ecomnova, the firm that runs the Debenhams Flowers business, for more than six weeks.
Blowout Cards
April 25, 2017
•[ hack, financial, retail ]
Blowout Cards issues a security alert to customers, warning that their payment card details may have been compromised after an attacker hacked its website and customers began reporting related card fraud.
Best American Hospitality Corp.
April 14, 2017
•[ financial, retail ]
Best American Hospitality Corp. issues a statement regarding stolen payment cards at some of the restaurants it manages and operates.
Amazon third-party sellers
April 10, 2017
•[ hack, phishing, retail ]
Amazon third-party sellers, are hit repeatedly by hackers who post fake deals on legitimate sellers' pages.
Gamestop
April 7, 2017
•[ hack, malware, retail ]
Video game giant GameStop Corp says it is investigating reports that hackers may have siphoned credit card and customer data from its website gamestop.com.
Ster-Kinekor
March 9, 2017
•[ leak, misconfiguration, retail ]
In 2016, the South African cinema company Ster-Kinekor had a security flaw which leaked a large amount of customer data via an enumeration vulnerability in the API of their old website. Whilst more than 6 million accounts were leaked by the flaw, the exposed data only contained 1.6 million unique email addresses. The data also included extensive personal information such as names, addresses, birthdates, genders and plain text passwords.
Unknown Organization
March 2, 2017
•[ hack, ddos, retail ]
South Korea's Lotte Duty Free website (lottedfs.com) is taken down by a DDoS attack orchestrated from a Chinese IP.
Roberts Hawaii
February 26, 2017
•[ hack, misconfiguration, retail ]
The tour company Roberts Hawaii warns its customers about a security breach that may have affected people who purchased tours and other services on its website between July 2015 and December 2016.
Unknown Organization
February 20, 2017
•[ hack, retail ]
A hacker claims to have hacked the official web forum of a gun retailer Airsoft GI (airsoftgiforum.com) and uploaded its data on Dropbox.
Arby's
February 9, 2017
•[ hack, malware, retail ]
The fast food restaurant chain Arby's has suffered a breach involving the payment card systems in up to 1,100 of its locations.
Sports Direct
February 8, 2017
•[ leak, retail ]
Sports Direct is accused to have suffered (and kept hidden) a data breach affecting 30,000 employees. The breach allegedly happened in September 2016.
Canadian Tire
February 7, 2017
•[ hack, retail ]
Canadian Tire shuts down customer access to online accounts after detecting unusual traffic in their website.
