Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Fashion Retailer. Show all posts
Personal Information
customer data compromise customer data leak customer data privacy Data Breach Data Leak Data Privacy data security Database Leaked Fashion Retailer Personal Information

SABO Fashion Brand Exposes 3.5 Million Customer Records in Major Data Leak

 

Australian fashion retailer SABO recently faced a significant data breach that exposed sensitive personal information of millions of customers. The incident came to light when cybersecurity researcher Jeremiah Fowler discovered an unsecured database containing over 3.5 million PDF documents, totaling 292 GB in size. The database, which had no password protection or encryption, was publicly accessible online to anyone who knew where to look. 

The leaked records included a vast amount of personally identifiable information (PII), such as names, physical addresses, phone numbers, email addresses, and other order-related data of both retail and business clients. According to Fowler, the actual number of affected individuals could be substantially higher than the number of files. He observed that a single PDF file sometimes contained details from up to 50 separate orders, suggesting that the total number of exposed customer profiles might exceed 3.5 million. 

The information was derived from SABO’s internal document management system used for handling sales, returns, and shipping data—both within Australia and internationally. The files dated back to 2015 and stretched through to 2025, indicating a mix of outdated and still-relevant information that could pose risks if misused. Upon discovering the open database, Fowler immediately notified the company. SABO responded by securing the exposed data within a few hours. 

However, the brand did not reply to the researcher’s inquiries, leaving critical questions unanswered—such as how long the data remained vulnerable, who was responsible for managing the server, and whether malicious actors accessed the database before it was locked. SABO, known for its stylish collections of clothing, swimwear, footwear, and formalwear, operates three physical stores in Australia and also ships products globally through its online platform. 

In 2024, the brand reported annual revenue of approximately $18 million, underscoring its scale and reach in the retail space. While SABO has taken action to secure the exposed data, the breach underscores ongoing challenges in cybersecurity, especially among mid-sized e-commerce businesses. Data left unprotected on the internet can be quickly exploited, and even short windows of exposure can have lasting consequences for customers. 

The lack of transparency following the discovery only adds to growing concerns about how companies handle consumer data and whether they are adequately prepared to respond to digital threats.
Read more »
User Privacy
Data Breach Fashion Retailer Indian Fashion Firm User Privacy

Aditya Birla Fashion and Retails Suffers Massive Data Breach

 

Aditya Birla Apparel & Retail Ltd (ABFRL), India's leading fashion firm, suffered a data breach on its portal that exposed the private details of both its customer and employees. 

Earlier this week, it was reported that the firm's 5,470,063 ABRFL accounts were compromised and the ransom demand made by the hacker gang called ShinyHunters was purportedly turned down. As a result, the information was made public on a famous hacking forum. 

Additionally, the reports claimed that the leaked information included customer information including names, phone numbers, addresses, dates of birth, order histories, credit card details, passwords, and details of employees, including salary details, religion, and marital status.

Server logs and vulnerability reports for ABFRL Indian apparel labels American Eagle, Pantaloons, Forever21, The Collective, Van Heusen, Peter England, Planet Fashion, and Shantanu & Nikhil are among the leaked information. 

As per the report of Restore Privacy, the  compromised database contained ABFRL client data, hundreds of thousands of invoices, as well as the company's website source code and server statistics. 

In a letter to its customers, the company said it is investigating a breach and assure its customers that no private information was leaked. “There was an information security incident entailing illegal access to customer (data)base and profile Info of some customers (was) released In some cyber forums. As a precautionary move, the company has reset all client passwords and enabled OTP-based authentication, as well as taken further steps to secure access to customer and employee information," the company’s representative stated. 

ABFRL, which reported a revenue of Rs 5,181.14 crore in the previous financial year, claims to be the country's largest "pure-play fashion powerhouse with an elegant bouquet of leading fashion brands and retail formats". 

At the end of the second quarter of the ongoing fiscal, the company boasts of a network of 3,264 stores across approximately 26,841 multi-brand outlets. It has a repertoire of leading brands, such as Louis Philippe, Van Heusen, Allen Solly and Peter England, along with India's largest value fashion retail brand Pantaloons.

Cybersecurity researcher Rajaharia noted that the hacker group was claiming that ABFRL was storing its passwords using message-digest algorithm 5 (MD5), which is a dated algorithm.

“The company should constantly update its algorithms as otherwise; the affected users would not be able to secure their data even after changing their passwords. The hacker group would easily be able to gain user data access again by exploiting the vulnerabilities of the dated hashing algorithm,” the researcher said.
Read more »
Ransomware attack
Data Breach Fashion Retailer Guess Ransomware attack

Fashion Retailer Guess Confirms Data Breach

 

Guess, the popular clothing and lifestyle brand is notifying the customers via letters of a data breach caused by a ransomware attack in February. Soon after the incident, the retailer contracted a cybersecurity firm to assist with their investigation into the ransomware attack.

“On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorized actor. The investigation determined that Social Security numbers, driver’s license numbers, passport numbers, and/or financial account numbers may have been accessed or acquired,” the letter reads.

Guess finally discovered the addresses of all affected customers after reviewing exposed documents on June 30. It began informing customers on June 09 and filed a breach notification a month later. While only 1,300 individuals may have been affected by the Guess data breach, the extent of the damage suffered by each affected customer should serve as a warning to enterprises of all sizes. 

Los Angeles-based Guess has 1,580 stores globally, including 280 in the U.S. and 80 in Canada. As of May, it added new shops equivalent to 539. They are situated globally in 100 countries.

In April, Databreaches.net reported that the  DarkSide ransomware gang claimed responsibility for the Guess data breach and ransomware attack, and they had studied Guess' financial records and learned the company brought in nearly $2.7 billion in revenue last year. 

"We recommend using your insurance, which just covers this case. It will bring you four times more than you spend on acquiring such a valuable experience. We act in stages and notify the press usually already when exactly sure that the company will not pay. As for [Guess and another company they named] -- I think the press will see them," the DarkSide representative said in messages translated from Russian.

"Although the DarkSide ransomware group is out of commission, that does not mean this breach is insignificant. The significant amount and very personal types of data being collected by the organization, including passport numbers, Social Security numbers, driver's license numbers, financial account and/or credit/debit card numbers with security codes, passwords, or PIN numbers, is an extremely valuable dataset for cybercriminals if they want to steal identities," Erich Kron, a  security analyst at KnowBe4, stated.
Read more »
Subscribe to: Posts (Atom)