British Clothing Retailer Fat Face Discloses Data Breach

Data Breach Today

Employee and Customer Information Compromised in January Attack; ICO Investigating

British clothing and accessories retailer Fat Face says it detected a data breach in January, which exposed personal information - including partial payment card numbers - for an unspecified number of customers and employees.

Fat Face's 'Strictly Private' Data Breach Notification

Data Breach Today

So Are We Supposed to Keep This Data Breach Notification Just Between Us Friends?

What happens when an e-commerce retailer sends customers a data breach notification email with a subject line that reads "strictly private and confidential"?


Retailer Fat Face Pays $2 Million Ransom to Conti Gang

Data Breach Today

News Follows 'Private and Confidential' Breach Notification Fat Face Sent to Victims

Left unsaid in Fat Face's "strictly private and confidential" data breach notification to affected customers this week was any indication that the fashion clothing retailer had paid a reported $2 million ransom to the Conti gang to unlock its systems.

How Not to Acknowledge a Data Breach

Krebs on Security

I’m not a huge fan of stories about stories, or those that explore the ins and outs of reporting a breach. But occasionally I feel obligated to publish such accounts when companies respond to a breach report in such a way that it’s crystal clear they wouldn’t know what to do with a data breach if it bit them in the nose, let alone festered unmolested in some dark corner of their operations.

Target Sues Insurer Over 2013 Data Breach Costs

Data Breach Today

Lawsuit Claims Insurer Owes Retailer for Coverage of Card Replacement Costs

Target has filed a lawsuit against its long-time insurer, ACE American Insurance Co., in an attempt to recoup money it spent to replace payment cards as part of settlements over the retailer's massive 2013 data breach.

Retail giant Home Depot agrees to a $17.5 million settlement over 2014 data breach

Security Affairs

Retail giant Home Depot has agreed to a $17.5 million settlement in a multi-state investigation of the data breach that the company suffered in 2014. The US largest home improvement retailer giant Home Depot agrees to $17.5 million settlement over the 2014 data breach.

Magecart Hits Macy's: Retailer Discloses Data Breach

Dark Reading

The retail giant discovered malicious code designed to capture customer data planted on its payment page

Staples discloses data breach exposing customer order data

Security Affairs

Giant office retail company Staples disclosed a data breach, threat actors accessed some of its customers’ order data. The office retail giant sent out a data breach notification letter to the impacted customers, the incident took place around September 2.

List of Data Breaches and Cyber Attacks in March 2021 – 21 Million Records Breached

IT Governance

Don’t be fooled by the fact that we only recorded 20,995,371 breached records in March; it was one of the leakiest months we’ve ever seen, with 151 recorded incidents. By comparison, there was a seemingly Lilliputian 82 recorded breaches in January and 118 in February.

How data breaches are affecting the retail industry

IT Governance

Data breaches. What steps will the ICO (Information Commissioner’s Office) take to ensure organisations comply with the recently enforced GDPR (General Data Protection Regulation)? How will customers, suppliers and partners react to organisations that suffer a breach? Only time will tell – and we may not have to wait long – but in the meantime, what is the impact of data breaches in the retail industry, and what needs to be done to mitigate them?

List of data breaches and cyber attacks in November 2020 – 586 million records breached

IT Governance

The majority of those came from a credential-stuffing attack targeting Spotify and a data leak at the messaging app GO SMS Pro, which you can learn more about below. Here is our complete list of November’s cyber attacks and data breaches.

Magecart Spies Payment Cards From Retailer Vision Direct

Data Breach Today

Card-Sniffing JavaScript Posed as Google Analytics Script on Retailer's Sites

Online contact lens retailer Vision Direct says it suffered a data breach that exposed customers' names and complete payment card details. Researchers say fake Google Analytics JavaScript designed to capture card details appears to have been planted by the prolific cybercrime gangs known as Magecart.

Wawa Data Breach: Malware Stole Customer Payment Card Info


Wawa said that payment-processing system malware had potentially affected all 850 of its locations.

List of data breaches and cyber attacks in December 2020 – 148 million records breached

IT Governance

We logged 134 security incidents in December, which accounted for 148,354,955 breached records. We’ll have a separate post looking at the year’s data breaches and cyber attacks in more detail, but in the meantime, you can find the full list of December’s incidents below.

SHEIN Data breach affected 6.42 million users

Security Affairs

Another fashion retailer suffered a data breach, the victim is SHEIN that announces the security breach affected 6.42 The retailer hired a forensic cybersecurity firm as well as an international law firm to investigate the security breach. The online fashion retailer announced a security breach last week, according to the firm the attackers carried out “a sophisticated criminal cyberattack on its computer network.”

US-based children’s clothing maker Hanna Andersson discloses a data breach

Security Affairs

The US-based children’s clothing maker Hanna Andersson has disclosed a data breach that affected its customers. The US-based children’s clothing maker and online retailer Hanna Andersson discloses a data breach, attackers planted an e-skimmer on its e-commerce platform.

List of data breaches and cyber attacks in June 2020 – 7 billion records breached

IT Governance

The first half of 2020 ended on a familiarly bad note, with 92 security incidents accounting for at least 7,021,195,399 breached records. As such, affected individuals should already have been aware that their data had been compromised and taken the necessary steps to mitigate the damage.

Are Data Breaches the New Reality for Retail?

Thales Cloud Protection & Licensing

As digital transformation takes hold, the retail industry is under siege from cyber criminals and nation states attempting to steal consumers’ personal information, credit card data and banking information. While retailers digitally transform their businesses to better serve the higher demands of their customers, they’re being challenged with safeguarding personal data to protect customers, partners and suppliers’ critical information.

Luxottica data breach exposes info of LensCrafters and EyeMed patients

Security Affairs

A data breach suffered by Luxottica has exposed the personal and health information of patients of LensCrafters, Target Optical, and EyeMed. As a vertically integrated company, Luxottica designs, manufactures, distributes and retails its eyewear brands, including LensCrafters, Sunglass Hut, Apex by Sunglass Hut, Pearle Vision, Target Optical, Eyemed vision care plan, and SecurityAffairs – hacking, data breach).

List of data breaches and cyber attacks in March 2020 – 832 million records breached

IT Governance

With organisations across the globe turned upside down by the COVID-19 pandemic, there has never been a worse time to suffer a data breach or cyber attack. Australia’s Defence Force Recruiting systems were taken offline after security breach (unknown).

Customers lose confidence – data breaches aren’t just about fines

IT Governance

A recent survey by Ping Identity shows that customers move away from brands that have suffered data breaches. Data breaches are now a common occurrence – big-name brands affected in 2018 include FIFA, British Airways, Vision Direct, Eurostar and Marriott. It is essential for organisations of all types and sizes to do their absolute best to reduce the risks of a data breach. Following a data breach, 78% of people would stop engaging with a brand online.

BA data breach: 565,000 customers may have been affected

IT Governance

In September, British Airways announced it had suffered a data breach that compromised the personal and financial data of more than 380,000 customers. The incident is still being investigated by the National Crime Agency and National Cyber Security Centre, with a skimming script that scraped data from online payment forms thought to be the cause. Is your organisation prepared for a data breach?

E-Skimming Strikes Again: Macy’s Confirms Magecart Data Breach

Adam Levin

Macy’s has informed customers of an e-skimming data breach following the discovery of Magecart malware on its website. In a letter to affected customers, the retailer said that it had detected malware on its e-commerce website on October 15 and that it had been active for a little over a week. Magecart attacks are a growing threat to online retailers and e-commerce sites, where rogue code is inserted into sites to “skim” customer card information.

3 ways a data breach can occur

IT Governance

We’ve talked a lot recently about the financial effects of data breaches and how you should respond to incidents, but that still leaves the question of how data breaches occur. This blog looks at some real-world examples of some of the most common causes of data breaches and explains how they occurred. It lost three months’ worth of data as a result, but there was no guarantee that the crooks would keep their word and return the information.

Canada's Fitness Depot Alerts Customers to Data Breach

Dark Reading

The retailer reports cybercriminals infected its online store and used a fraudulent form to steal shoppers' information

Freedom Mobile data breach impacts at least 15,000 customers

Security Affairs

Canadian Freedom Mobile mobile network operator exposed the details of many customers, including their payment card data. Exposed records include email addresses, phone numbers, home addresses, dates of birth, IP addresses associated with payment methods, credit scores (from Equifax and other companies), unencrypted payment card data with CVV codes, locations, and other customer service records, and account details. All the data was encrypted.

Retailer Leaked Hundreds of Internal Passwords on Pastebin

Krebs on Security

Orvis , a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers, KrebsOnSecurity has learned. and founded in 1856, privately-held Orvis is the oldest mail-order retailer in the United States. Data backup services.

Adidas data breach

IT Governance

On 28 June 2018, athletic apparel company Adidas announced that its US website had suffered a data breach, exposing online customers’ personal data. The breach was detected on 26 June. In its statement, Adidas said: “According to the preliminary investigation, the limited data includes contact information, usernames and encrypted passwords. If you would like more information on how to do this, request a call with one of our retail experts.

Heathrow Airport fined £120,000 for data breach

IT Governance

The ICO (Information Commissioner’s Office) has fined Heathrow Airport £120,000 for failing to secure sensitive personal data after a member of public found an unencrypted USB stick containing data about the airport’s staff. This data was “erroneously captured” during a three-second portion of the video, when a page from an open ring binder containing the information briefly appeared on screen. How did the data breach occur?

Morrisons heads to the Supreme Court over data breach

IT Governance

The Supreme Court has given Morrisons permission to appeal a ruling that found the supermarket liable for a data breach caused by a malicious insider. Morrisons has lost two cases related to its March 2014 data breach, in which Andrew Skelton, a senior internal auditor at the supermarket’s Bradford office, leaked the payroll data of 99,998 employees. Skelton was arrested soon after leaking the data and in July 2015 was sentenced to eight years in prison.

70,000 affected in B&Q data breach

IT Governance

Home improvement retailer B&Q has suffered a data breach affecting 70,000 of its… well, not customers, exactly. The breached database contained a list of people who had been caught stealing products from B&Q stores. As the data contains alleged criminal records, it could be considered sensitive information under the GDPR (General Data Protection Regulation). How did it inform the data subjects that their data was being processed?

List of data breaches and cyber attacks in October 2019 – 421 million records breached

IT Governance

In a month where security experts across Europe were boosting awareness of cyber security, organisations had mixed results in their own data protection practices. On the one hand, the 421,103,896 data records that were confirmed to have been breached in October represents about 50% of the monthly average. It was also a particularly bad month for the UK, with 9 confirmed breaches. Comodo Forums users told that their data has been stolen and traded online (170,000).

List of data breaches and cyber attacks in November 2019 – 1.34 billion records breached

IT Governance

It was a big month for data breaches this month, with a confirmed 1,341,147,383 records being exposed in 87 incidents. Here is a full list of data breaches in November – as always, those affecting the UK are listed in bold. breached in suspected phishing attack (unknown).

Online Retailer LightInTheBox exposes unsecured DB containing 1.3TB of web server logs

Security Affairs

LightInTheBox is a Chinese online retailer trading on the New York Stock Exchange, most of its customers are in North America and Europe. TB of data, totaling over 1.5 billion records, it also included data from their subsidiary sites such as

Superdrug’s customers affected in data breach

IT Governance

Yesterday evening, Superdrug contacted its customers about a data breach affecting a reported 20,000 individuals. Were they breach ready? As we often say, all organisations should prepare themselves for a data breach. Their statement also makes no comment about informing the ICO (Information Commissioner’s Office) about this data breach.

Has the cause of the BA data breach been identified?

IT Governance

The latest news reports claim that the cause of the data breach has been identified by a RiskIQ researcher, who has analysed the code from BA’s website and app. They say that there is evidence of a “skimming” script designed to scrape data from online payment forms. RiskIQ adds that it has been able to identify 22 lines of modified JavaScript that grabbed data from BA’s online payment form and sent it to the criminal hackers’ server as soon as the customer clicked ‘submit’.

Retailers increase cyber security spending, but attacks continue to rise

IT Governance

The UK’s biggest retailers are spending more than ever on cyber security but are continuing to see an alarming rise in cyber attacks and data breaches due to the ever-evolving threat landscape, a report has found. According to The British Retail Consortium’s 2019 Retail Crime Survey, large organisations invested £162 million in cyber defences in the 2017–18 financial year, an increase of 17% on 2017. Are retailers investing wisely?

Prompt notification would ease pain of data breaches, survey reveals

Information Management Resources

At the same time, consumers hold banks to tougher disclosure standards than government agencies, health care organizations and retailers, according to Experian.

Forever 21 Informs Shoppers of Data Breach

Dark Reading

Forever 21 learned an unauthorized actor may have accessed payment card data at certain retail stores

Dixons Carphone reveals data breach affecting 5.9 million customers

The Guardian Data Protection

Consumer electronics retailer apologises and says there is currently no evidence of fraud

Dixons Carphone has revealed a major breach of data involving unauthorised access to 5.9 The consumer electronics retailer said it had detected an attempt to compromise the cards in a processing system at Currys PC World and Dixons Travel, but said there was no evidence of any fraud as a result of the incident.