Giant Tiger
March 25, 2024
•[ leak, retail ]
A threat actor claims responsibility for a data breach to Giant Tiger and leaks 2.8 million customer records on a forum.
Panera Bread
March 22, 2024
•[ ransomware, malware, retail ]
Panera Bread suffers a ransomware attack.
PetSmart
March 6, 2024
•[ hack, brute-force, retail ]
Pet retail giant PetSmart warns some customers their passwords were reset due to an ongoing credential stuffing attack attempting to breach accounts.
Giant Tiger
March 4, 2024
•[ leak, misconfiguration, retail ]
In March 2024, Canadian discount store Giant Tiger suffered a data breach that exposed 2.8M customer records. Attributed to a vendor of the retailer, the breach included physical and email addresses, names and phone numbers.
LDLC
February 28, 2024
•[ hack, retail ]
In March 2024, French retailer LDLC disclosed a data breach that impacted customers of their physical stores. The data was previously listed for sale on a popular hacking forum and contained 1.26M unique email addresses along with names, phone numbers and physical addresses. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
Pepco Group
February 27, 2024
•[ financial, retail ]
European discount retailer Pepco Group reveals that its Hungarian business has lost a significant amount of money (15.5 Million) to cybercriminals.
Chula Book
January 22, 2024
•[ leak, retail ]
An individual known as Naraka lists a data dump for sale on breachforums.is, featuring one of Thailand's largest bookstores called Chula Book. The breach affects over 160,000 users.
Subway
January 20, 2024
•[ ransomware, malware, retail ]
Sandwich chain Subway launches an investigation after the notorious LockBit ransomware group claims over the weekend that it hacked into the companys systems and stole vast amounts of information.
Jason's Deli
January 19, 2024
•[ hack, brute-force, retail ]
Jason's Deli warns of a data breach in notifications sent to customers of its online platform stating that their personal data was exposed in credential stuffing attacks.
Khaadi
January 15, 2024
•[ hack, malware, retail ]
Khaadi, a clothing retail site based in Pakistan and the United Arab Emirates is hit with a magecart attack.
Lush
January 11, 2024
•[ ransomware, malware, retail ]
Lush, the privately-owned British cosmetics retailer is currently responding to a cyber security incident. Few week later the Akira ransomware gang claims responsibility for the attack.
Coop Sverige
December 22, 2023
•[ ransomware, malware, retail ]
Coop Sverige is hit with a ransomware attack, whose responsibility is claimed by the Cactus ransomware gang.
GLAMIRA
December 16, 2023
•[ hack, retail ]
In late 2023, the online jewellery store GLAMIRA suffered a data breach they attributed to "an unauthorised individual [who] briefly accessed one of our servers". The data was subsequently published on a popular hacking forum and included 875k email addresses, names, phone numbers and purchases.
GLAMIRA
December 16, 2023
•[ hack, misconfiguration, retail ]
In late 2023, the online jewellery store GLAMIRA suffered a data breach they attributed to "an unauthorised individual [who] briefly accessed one of our servers". The data was subsequently published on a popular hacking forum and included 875k email addresses, names, phone numbers and purchases. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
Undisclosed franchise partner
December 7, 2023
•[ ransomware, malware, retail ]
Billion-dollar shoe seller Aldo says that a recent claim by the notorious LockBit ransomware gang was related to one of the company's franchise partners.
Welhof
December 1, 2023
•[ leak, retail ]
In late 2023, the Dutch appliance store Welhof suffered a data breach. The incident exposed over 100k unique email addresses along with names, physical addresses and the value of purchases made. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
Staples
November 30, 2023
•[ hack, retail ]
American office supply retailer Staples takes down some of its systems after a cyberattack to contain the breach's impact and protect customer data.
Noble Mountain Tree Farm
November 28, 2023
•[ ransomware, leak, malware ]
The Play ransomware gang adds Noble Mountain Tree Farm to their leak site.
Sparex
November 28, 2023
•[ ransomware, leak, malware ]
The Play ransomware gang adds Sparex to their leak site.
