Retail & E-Commerce Data Breaches — Customer & Payment Compromises

Retail & E-Commerce Data Breaches (599 indexed)

critical · retail · Oct 30, 2024

VimeWorld

3,118,964 records exposed — Email addresses, IP addresses, Passwords, Usernames

View incident → Original disclosure Indexed 1 year, 6 months ago

critical · retail · Oct 27, 2024

StreamCraft

1,772,620 records exposed — Email addresses, IP addresses, Passwords, Usernames

View incident → Original disclosure Indexed 1 year, 6 months ago

high · retail · Oct 26, 2024

The Club Penguin Experience

6,342 records exposed — Age groups, Email addresses, Password hints, Passwords and 1 more

View incident → Original disclosure Indexed 1 year, 6 months ago

medium · retail · Oct 25, 2024

digiDirect

304,337 records exposed — Dates of birth, Email addresses, Names, Phone numbers and 1 more

View incident → Original disclosure Indexed 1 year, 6 months ago

critical · retail · Oct 21, 2024

Hot Topic / BoxLunch / Torrid

57M customer records stolen — largest retail breach of 2024, sold on dark web forums

View incident → Original disclosure Indexed 1 year, 6 months ago

critical · retail · Oct 21, 2024

Hot Topic / BoxLunch

350M customer records exposed in credential stuffing

View incident → Original disclosure Indexed 1 year, 6 months ago

high · retail · Oct 17, 2024

AlpineReplay

898,681 records exposed — Dates of birth, Email addresses, Genders, Names and 3 more

View incident → Original disclosure Indexed 1 year, 6 months ago

high · retail · Oct 15, 2024

Tractor Supply Company

480K customer records exposed via compromised e-commerce partner integration

View incident → Original disclosure Indexed 1 year, 6 months ago

high · retail · Oct 8, 2024

Party City Holdings

850K customer records exposed — e-commerce platform breach exposed payment card data

View incident → Original disclosure Indexed 1 year, 6 months ago

high · retail · Oct 5, 2024

Metro Inc (grocery)

890K customer records stolen in credential stuffing

View incident → Original disclosure Indexed 1 year, 6 months ago

critical · retail · Oct 1, 2024

Mercado Libre (Argentina)

1.8M user records stolen in targeted attack

View incident → Original disclosure Indexed 1 year, 7 months ago

high · retail · Sep 30, 2024

Central Tickets

722,860 records exposed — Device information, Email addresses, IP addresses, Names and 3 more

View incident → Original disclosure Indexed 1 year, 7 months ago

critical · retail · Sep 15, 2024

Games Box

1,439,354 records exposed — Ages, Email addresses, Genders, Passwords and 1 more

View incident → Original disclosure Indexed 1 year, 7 months ago

medium · retail · Sep 12, 2024

Bath & Body Works

560K loyalty program member records exposed via API vulnerability in rewards platform

View incident → Original disclosure Indexed 1 year, 7 months ago

high · retail · Sep 8, 2024

Aritzia Fashion (Canada)

420K customer records exposed via compromised e-commerce platform — payment data included

View incident → Original disclosure Indexed 1 year, 7 months ago

critical · retail · Sep 6, 2024

Boulanger (France)

27M customer records stolen from French electronics retailer

View incident → Original disclosure Indexed 1 year, 7 months ago

high · retail · Sep 1, 2024

AB InBev (Belgium)

450K employee and distributor records stolen

View incident → Original disclosure Indexed 1 year, 8 months ago

medium · retail · Sep 1, 2024

Market Moveis

28,220 records exposed — Email addresses, Names

View incident → Original disclosure Indexed 1 year, 8 months ago

high · retail · Aug 28, 2024

Sport 2000

3,189,643 records exposed — Dates of birth, Email addresses, Names, Phone numbers and 3 more

View incident → Original disclosure Indexed 1 year, 8 months ago

high · retail · Aug 25, 2024

IHG Hotels & Resorts

380K loyalty member records exposed via compromised API in mobile booking app

View incident → Original disclosure Indexed 1 year, 8 months ago

high · retail · Aug 13, 2024

LDLC

1,266,026 records exposed — Email addresses, Names, Phone numbers, Physical addresses and 1 more

View incident → Original disclosure Indexed 1 year, 8 months ago

critical · retail · Aug 12, 2024

DoorDash (2024)

4.9M customer delivery records exposed via compromised third-party payment processor

View incident → Original disclosure Indexed 1 year, 8 months ago

high · retail · Aug 10, 2024

Lazada (Southeast Asia)

890K customer records exposed

View incident → Original disclosure Indexed 1 year, 8 months ago

critical · retail · Aug 5, 2024

Tim Hortons (parent RBI)

1.1M loyalty program records exposed

View incident → Original disclosure Indexed 1 year, 8 months ago