Retail & E-Commerce Data Breaches — Customer & Payment Compromises

Retail & E-Commerce Data Breaches (636 indexed)

high · retail · Oct 5, 2024

Metro Inc (grocery)

890K customer records stolen in credential stuffing

View incident → Original disclosure Indexed 1 year, 7 months ago

critical · retail · Oct 1, 2024

Mercado Libre (Argentina)

1.8M user records stolen in targeted attack

View incident → Original disclosure Indexed 1 year, 7 months ago

high · retail · Sep 30, 2024

Central Tickets

722,860 records exposed — Device information, Email addresses, IP addresses, Names and 3 more

View incident → Original disclosure Indexed 1 year, 7 months ago

critical · retail · Sep 15, 2024

Games Box

1,439,354 records exposed — Ages, Email addresses, Genders, Passwords and 1 more

View incident → Original disclosure Indexed 1 year, 8 months ago

medium · retail · Sep 12, 2024

Bath & Body Works

560K loyalty program member records exposed via API vulnerability in rewards platform

View incident → Original disclosure Indexed 1 year, 8 months ago

high · retail · Sep 8, 2024

Aritzia Fashion (Canada)

420K customer records exposed via compromised e-commerce platform — payment data included

View incident → Original disclosure Indexed 1 year, 8 months ago

critical · retail · Sep 6, 2024

Boulanger (France)

27M customer records stolen from French electronics retailer

View incident → Original disclosure Indexed 1 year, 8 months ago

medium · retail · Sep 1, 2024

Market Moveis

28,220 records exposed — Email addresses, Names

View incident → Original disclosure Indexed 1 year, 8 months ago

high · retail · Sep 1, 2024

AB InBev (Belgium)

450K employee and distributor records stolen

View incident → Original disclosure Indexed 1 year, 8 months ago

high · retail · Aug 28, 2024

Sport 2000

3,189,643 records exposed — Dates of birth, Email addresses, Names, Phone numbers and 3 more

View incident → Original disclosure Indexed 1 year, 8 months ago

high · retail · Aug 25, 2024

IHG Hotels & Resorts

380K loyalty member records exposed via compromised API in mobile booking app

View incident → Original disclosure Indexed 1 year, 9 months ago

high · retail · Aug 13, 2024

LDLC

1,266,026 records exposed — Email addresses, Names, Phone numbers, Physical addresses and 1 more

View incident → Original disclosure Indexed 1 year, 9 months ago

critical · retail · Aug 12, 2024

DoorDash (2024)

4.9M customer delivery records exposed via compromised third-party payment processor

View incident → Original disclosure Indexed 1 year, 9 months ago

high · retail · Aug 10, 2024

Lazada (Southeast Asia)

890K customer records exposed

View incident → Original disclosure Indexed 1 year, 9 months ago

critical · retail · Aug 5, 2024

Tim Hortons (parent RBI)

1.1M loyalty program records exposed

View incident → Original disclosure Indexed 1 year, 9 months ago

high · retail · Aug 5, 2024

Nordstrom

340K customer loyalty records exposed

View incident → Original disclosure Indexed 1 year, 9 months ago

high · retail · Aug 5, 2024

GameStop

340K customer records exposed — payment card data and Power Up Rewards member information

View incident → Original disclosure Indexed 1 year, 9 months ago

high · retail · Aug 3, 2024

Avis Budget Group

299K customer records accessed via business application vulnerability

View incident → Original disclosure Indexed 1 year, 9 months ago

critical · retail · Aug 2, 2024

LuLu

2,796,835 records exposed — Email addresses, Names, Passwords, Phone numbers and 2 more

View incident → Original disclosure Indexed 1 year, 9 months ago

critical · retail · Jul 19, 2024

Delta Air Lines (CrowdStrike)

CrowdStrike outage grounded 5,000+ flights — $500M loss, customer data exposed during recovery

View incident → Original disclosure Indexed 1 year, 10 months ago

critical · retail · Jul 12, 2024

Rite Aid

2.2M customer records including purchase history and ID data stolen in ransomware attack

View incident → Original disclosure Indexed 1 year, 10 months ago

high · retail · Jul 10, 2024

Ulta Beauty

770K customer records exposed via credential stuffing on loyalty program — Ultamate Rewards

View incident → Original disclosure Indexed 1 year, 10 months ago

high · retail · Jul 10, 2024

The Heritage Foundation

72,004 records exposed — Email addresses, IP addresses, Names, Passwords and 1 more

View incident → Original disclosure Indexed 1 year, 10 months ago

high · retail · Jul 9, 2024

Neiman Marcus

31,152,842 records exposed — Dates of birth, Email addresses, IP addresses, Names and 4 more

View incident → Original disclosure Indexed 1 year, 10 months ago