Retail & E-Commerce Data Breaches — Customer & Payment Compromises

Retail & E-Commerce Data Breaches (599 indexed)

medium · retail · May 1, 2026

Aman

215,563 records exposed — Dates of birth, Email addresses, Genders, Language preferences and 6 more

View incident → Original disclosure Indexed 1 day, 1 hour ago

medium · retail · Apr 27, 2026

BlackFile Group Targets Retail and

Researchers uncover a new data theft and extortion group dubbed “BlackFile”

View incident → Original disclosure Indexed 5 days, 1 hour ago

medium · retail · Apr 24, 2026

New BlackFile extortion group linked

A new financially motivated hacking group tracked as BlackFile has been linked to a wave of data theft and extortion attacks against retail and hospitality organizations since February 2026. [...]

View incident → Original disclosure Indexed 1 week, 1 day ago

high · retail · Apr 17, 2026

Amtrak

2,147,679 records exposed — Email addresses, Names, Physical addresses, Support tickets

View incident → Original disclosure Indexed 2 weeks, 1 day ago

high · retail · Apr 12, 2026

Hallmark

1,736,520 records exposed — Email addresses, Names, Phone numbers, Physical addresses and 1 more

View incident → Original disclosure Indexed 2 weeks, 6 days ago

high · retail · Apr 4, 2026

Crunchyroll

1,195,684 records exposed — Email addresses

View incident → Original disclosure Indexed 4 weeks ago

critical · retail · Mar 27, 2026

ManoMano (European DIY chain)

38M customer records including names, emails, phone numbers via third-party breach

View incident → Indexed 1 month ago

critical · retail · Mar 27, 2026

Sears Home Services

3.7M chat logs and 1.4M audio files exposed containing PII from AI chatbot

View incident → Indexed 1 month ago

high · retail · Mar 27, 2026

Wynn Resorts

800K employee records including SSNs and PII claimed by ShinyHunters

View incident → Indexed 1 month ago

medium · retail · Mar 27, 2026

Starbucks

889 employee accounts compromised exposing SSNs, financial data via Partner Central

View incident → Indexed 1 month ago

high · retail · Mar 23, 2026

Lululemon Athletica

340K customer records from loyalty program and online orders exposed via web app vulnerability

View incident → Original disclosure Indexed 1 month, 1 week ago

critical · retail · Mar 9, 2026

Loblaw Companies (Canada)

2.8M PC Optimum loyalty member records stolen including purchase history and contact data

View incident → Original disclosure Indexed 1 month, 3 weeks ago

critical · retail · Mar 6, 2026

Kroger Company

1.6M customer pharmacy and loyalty records exposed via FTP server misconfiguration

View incident → Original disclosure Indexed 1 month, 3 weeks ago

critical · retail · Mar 5, 2026

Coles Group (Australia)

1.1M flybuys loyalty member records stolen via compromised marketing platform

View incident → Original disclosure Indexed 1 month, 3 weeks ago

medium · retail · Mar 1, 2026

LVMH Group

210K luxury retail customer records exposed

View incident → Original disclosure Indexed 2 months ago

critical · retail · Feb 25, 2026

Canadian Tire

1.1M customer loyalty records exposed in platform breach

View incident → Original disclosure Indexed 2 months, 1 week ago

medium · retail · Feb 20, 2026

CarMax

431,371 records exposed — Email addresses, Names, Phone numbers, Physical addresses

View incident → Original disclosure Indexed 2 months, 1 week ago

high · retail · Feb 18, 2026

Adidas (Third-Party Breach)

815K customer records stolen from third-party licensing partner — second breach in a year

View incident → Original disclosure Indexed 2 months, 2 weeks ago

high · retail · Feb 17, 2026

Canada Goose

581,877 records exposed — Device information, Email addresses, IP addresses, Names and 4 more

View incident → Original disclosure Indexed 2 months, 2 weeks ago

high · retail · Feb 16, 2026

Metro Inc. (Canada)

740K customer records from Jean Coutu pharmacy division exposed in ransomware attack

View incident → Original disclosure Indexed 2 months, 2 weeks ago

high · retail · Feb 15, 2026

Nike Inc.

1.2M SNKRS app user records exposed — sneaker purchase history and payment data stolen

View incident → Original disclosure Indexed 2 months, 2 weeks ago

high · retail · Feb 13, 2026

Fake AI Assistants in Google

Hundreds of thousands of users have downloaded malicious AI extensions masquerading as ChatGPT, Gemini, Grok and others, warn cybersecurity researchers at LayerX

View incident → Original disclosure Indexed 2 months, 2 weeks ago

critical · retail · Feb 11, 2026

Walgreens Boots Alliance

2.1M pharmacy patient records exposed via compromised health services vendor

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · retail · Feb 10, 2026

Weston Foods (George Weston)

340K employee and supply records exposed

View incident → Original disclosure Indexed 2 months, 3 weeks ago