Retail & E-Commerce Data Breaches — Customer & Payment Compromises

Retail & E-Commerce Data Breaches (636 indexed)

high · retail · Aug 1, 2025

Maple Leaf Foods

560K supply chain records compromised in ransomware

View incident → Original disclosure Indexed 9 months, 3 weeks ago

critical · retail · Jul 15, 2025

Loblaws Digital (PC Optimum)

2.1M loyalty program records exposed

View incident → Original disclosure Indexed 10 months, 1 week ago

high · retail · Jul 15, 2025

Kohl's

670K customer records stolen

View incident → Original disclosure Indexed 10 months, 1 week ago

high · retail · Jul 15, 2025

Harvey Norman

340K customer records stolen via compromised e-commerce platform

View incident → Original disclosure Indexed 10 months, 1 week ago

high · retail · Jul 15, 2025

Five Below

340K customer payment records compromised

View incident → Original disclosure Indexed 10 months, 1 week ago

high · retail · Jul 1, 2025

El Corte Ingles

670K customer loyalty records stolen

View incident → Original disclosure Indexed 10 months, 3 weeks ago

medium · retail · Jun 25, 2025

Robinsons Malls

195,597 records exposed — Dates of birth, Email addresses, Genders, Geographic locations and 2 more

View incident → Original disclosure Indexed 11 months ago

critical · retail · Jun 15, 2025

Marks and Spencer

1.3M customer loyalty records exposed

View incident → Original disclosure Indexed 11 months, 1 week ago

critical · retail · Jun 15, 2025

Target Corporation (2025)

2.1M customer records exposed via compromised third-party loyalty platform integration

View incident → Original disclosure Indexed 11 months, 1 week ago

high · retail · Jun 10, 2025

WiredBucks

918,529 records exposed — Earnings, Email addresses, IP addresses, Names and 3 more

View incident → Original disclosure Indexed 11 months, 2 weeks ago

high · retail · Jun 7, 2025

Disk Union

690,667 records exposed — Email addresses, Geographic locations, Names, Passwords and 2 more

View incident → Original disclosure Indexed 11 months, 2 weeks ago

high · retail · Jun 5, 2025

AutoZone

184K customer records exposed including SSNs via MOVEit Transfer vulnerability exploitation

View incident → Original disclosure Indexed 11 months, 3 weeks ago

critical · retail · Jun 1, 2025

WestJet Airlines

1.2M passenger records including government IDs and travel documents

View incident → Original disclosure Indexed 11 months, 3 weeks ago

critical · retail · May 14, 2025

Woolworths Group (Australia 2025)

2.2M MyDeal customer records stolen via compromised subsidiary marketplace platform

View incident → Original disclosure Indexed 1 year ago

critical · retail · May 8, 2025

OnRPG

1,047,640 records exposed — Email addresses, IP addresses, Passwords, Usernames

View incident → Original disclosure Indexed 1 year ago

critical · retail · May 4, 2025

Sobeys / Empire Company

6.2M customer records compromised in Black Basta ransomware attack on Canadian grocery chain

View incident → Original disclosure Indexed 1 year ago

critical · retail · May 2, 2025

Co-op Group (UK)

DragonForce ransomware stole 20M customer records — payment and membership data exposed

View incident → Original disclosure Indexed 1 year ago

medium · retail · May 1, 2025

Harrods (UK)

Luxury retailer confirmed cyber incident — restricted internet access as precaution

View incident → Original disclosure Indexed 1 year ago

medium · retail · May 1, 2025

Adidas (Customer Service Platform)

Customer contact information exposed via unauthorized access to support platform

View incident → Original disclosure Indexed 1 year ago

critical · retail · May 1, 2025

Etsy

1.1M seller records compromised in targeted attack

View incident → Original disclosure Indexed 1 year ago

medium · retail · May 1, 2025

Harrods Department Store (UK)

Attempted cyberattack forced internet shutdown across all stores — systems isolated

View incident → Original disclosure Indexed 1 year ago

high · retail · Apr 30, 2025

Co-op Group (UK)

Attempted cyberattack forced Co-op to shut down IT systems — operations disrupted

View incident → Original disclosure Indexed 1 year ago

critical · retail · Apr 22, 2025

Marks & Spencer (UK)

3.2M customer records exposed in DragonForce ransomware attack — loyalty and contact data

View incident → Original disclosure Indexed 1 year, 1 month ago

high · retail · Apr 22, 2025

Marks & Spencer Cyber Incident

Cyberattack disrupted online ordering and contactless payments across UK stores

View incident → Original disclosure Indexed 1 year, 1 month ago