POPEYES
January 18, 2017
•[ financial, malware, retail ]
CCC Restaurant Enterprises, LLC, doing business as POPEYES, announce that a recent data security incident may have compromised the security of payment information of some customers who used debit or credit cards at 10 Restaurant locations between May 5, 2016 and August 18, 2016.
Sephora
January 9, 2017
•[ leak, retail ]
In approximately January 2017, the beauty store Sephora suffered a data breach. Impacting customers in South East Asia, Australia and New Zealand, 780k unique email addresses were included in the breach alongside names, genders, dates of birth, ethnicities and other personal information. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
CloudPets
January 1, 2017
•[ leak, ransomware, misconfiguration ]
In January, the maker of teddy bears that record children's voices and sends them to family and friends via the internet CloudPets left their database publicly exposed and it was subsequently downloaded by external parties (the data was also subject to 3 different ransom demands). 583k records were provided to HIBP via a data trader and included email addresses and bcrypt hashes, but the full extent of user data exposed by the system was over 821k records and also included children's names and references to portrait photos and voice recordings.
Madison Square Garden
November 22, 2016
•[ hack, financial, retail ]
Madison Square Garden Co. admits that hackers may have stolen payment card data at Madison Square Garden, The Theater at Madison Square Garden, Radio City Music Hall, Beacon Theatre and The Chicago Theatre from Nov. 9, 2015 to Oct. 24, 2016.
Sam's Club
November 5, 2016
•[ leak, misconfiguration, retail ]
Wholesale retail giant Sam's Club has reset passwords for thousands of customers (14,600 email addresses and plain-text passwords) after their account details were posted online.
Sentinel Hotel
November 4, 2016
•[ financial, retail ]
Sentinel Hotel announces to have taken action to investigate and address an incident affecting payment card data at the hotel's front desk.
Vera Bradley
October 13, 2016
•[ hack, malware, retail ]
American high-end fashion retailer Vera Bradley has revealed that hackers may have accessed customers' card data from payment processing systems at its retail stores this summer.
Pont3
October 6, 2016
•[ leak, misconfiguration, retail ]
Pont3, an Australian event organizer, reveals that an unauthorized party had gained access to its mailing list account and downloaded data about individuals that subscribed to various events organized by the company in the past.
justformen[.]com
September 20, 2016
•[ hack, malware, retail ]
The website for Just For Men, a company that sells various products for men is compromised to serve malware to its visitors.
Interpark Corp.
July 25, 2016
•[ hack, retail ]
Interpark, a South Korean online shopping mall, is the victim of a data breach with more 10 million customers affected.
pingpong.su
July 12, 2016
•[ leak, retail ]
SonnySpooks leaks the entire database of pingpong.su made of 57K records including username and passwords.
FreshMenu
July 1, 2016
•[ leak, retail ]
In July 2016, the India-based food delivery service FreshMenu suffered a data breach. The incident exposed the personal data of over 110k customers and included their names, email addresses, phone numbers, home addresses and order histories. When advised of the incident, FreshMenu acknowledged being already aware of the breach but stated they had decided not to notify impacted customers.
Unknown Organization
July 1, 2016
•[ hack, retail ]
DID Electrical reveals that more than 300 people have had card details stolen after an online security breach. The attack happened between June 15 and June 26.
Hard Rock Hotel and Casino Las Vegas
June 29, 2016
•[ financial, hack, malware ]
The Hard Rock Hotel and Casino Las Vegas notifies guests of "certain restaurant and retail outlets" located at its Las Vegas casino that hackers breached payments systems extracting credit card data.
Noodles & Company
June 29, 2016
•[ financial, malware, retail ]
Noodles & Company announces that malware infected its backend card processing system and maybe have compromised customer credit and debit card data collected between January 31, 2016 and June 2, 2016.
Unnamed jewelry shop
June 27, 2016
•[ hack, ddos, retail ]
Researchers from Sucuri reveal the details of a massive DDoS attack against an unnamed jewelry shop carried out by leveraging a network of 25,000 compromised CCTV boxes.
Castorama
June 8, 2016
•[ hack, xss, retail ]
French DIY goods store Castorama pull its website offline after unknown attackers manipulated the site search function to suggest rude versions of household appliances.
Sh0ping[.]su
June 5, 2016
•[ hack, retail ]
Sh0ping[.]su, a platform known for selling stolen accounts on the dark market is hacked. The attackers leak 16,000 stolen accounts, 15,000 accounts taken from other sites, and 9,000 credit cards.
Kiddicare
May 9, 2016
•[ hack, retail ]
Babycare retailer Kiddicare has warned customers that personal data consisting of 795,000 records shared with the store has been stolen by hackers.
Union League Club
May 3, 2016
•[ financial, insider, malware ]
Union League Club says it is working with the FBI to investigate a security breach involving guests' credit card information. An employee accused to have installed malicious software is fired.
