
Aditya Birla Fashion and Retails Suffers Massive Data Breach

 

Aditya Birla Apparel & Retail Ltd (ABFRL), India's leading fashion firm, suffered a data breach on its portal that exposed the private details of both its customers and employees.

Earlier this week, it was reported that 5,470,063 ABFRL accounts were compromised and that the ransom demand made by the hacker gang ShinyHunters was purportedly turned down. As a result, the information was made public on a famous hacking forum.

Additionally, the reports claimed that the leaked information included customer details such as names, phone numbers, addresses, dates of birth, order histories, credit card details, and passwords, as well as details of employees, including salary details, religion, and marital status.

Server logs and vulnerability reports for ABFRL's Indian apparel labels American Eagle, Pantaloons, Forever21, The Collective, Van Heusen, Peter England, Planet Fashion, and Shantanu & Nikhil are among the leaked information.

According to a report by Restore Privacy, the compromised database contained ABFRL client data, hundreds of thousands of invoices, as well as the company's website source code and server statistics.

In a letter to its customers, the company said it is investigating a breach and assured its customers that no private information was leaked. “There was an information security incident entailing illegal access to customer (data)base and profile Info of some customers (was) released in some cyber forums. As a precautionary move, the company has reset all client passwords and enabled OTP-based authentication, as well as taken further steps to secure access to customer and employee information,” the company’s representative stated.

ABFRL, which reported a revenue of Rs 5,181.14 crore in the previous financial year, claims to be the country's largest "pure-play fashion powerhouse with an elegant bouquet of leading fashion brands and retail formats". 

At the end of the second quarter of the ongoing fiscal, the company boasts of a network of 3,264 stores across approximately 26,841 multi-brand outlets. It has a repertoire of leading brands, such as Louis Philippe, Van Heusen, Allen Solly and Peter England, along with India's largest value fashion retail brand Pantaloons.

Cybersecurity researcher Rajaharia noted that the hacker group was claiming that ABFRL was storing its passwords using message-digest algorithm 5 (MD5), which is a dated algorithm.

“The company should constantly update its algorithms, as otherwise the affected users would not be able to secure their data even after changing their passwords. The hacker group would easily be able to gain user data access again by exploiting the vulnerabilities of the dated hashing algorithm,” the researcher said.

Fashion Retailer Guess Confirms Data Breach

 

Guess, the popular clothing and lifestyle brand, is notifying customers by letter of a data breach caused by a ransomware attack in February. Soon after the incident, the retailer contracted a cybersecurity firm to assist with its investigation into the ransomware attack.

“On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorized actor. The investigation determined that Social Security numbers, driver’s license numbers, passport numbers, and/or financial account numbers may have been accessed or acquired,” the letter reads.

Guess finally discovered the addresses of all affected customers after reviewing exposed documents on June 30. It began informing customers on June 09 and filed a breach notification a month later. While only 1,300 individuals may have been affected by the Guess data breach, the extent of the damage suffered by each affected customer should serve as a warning to enterprises of all sizes. 

Los Angeles-based Guess has 1,580 stores globally, including 280 in the U.S. and 80 in Canada. As of May, it had added the equivalent of 539 new shops. Its stores are located in 100 countries.

In April, Databreaches.net reported that the DarkSide ransomware gang had claimed responsibility for the Guess data breach and ransomware attack, and that the gang had studied Guess' financial records and learned the company brought in nearly $2.7 billion in revenue last year.

"We recommend using your insurance, which just covers this case. It will bring you four times more than you spend on acquiring such a valuable experience. We act in stages and notify the press usually already when exactly sure that the company will not pay. As for [Guess and another company they named] -- I think the press will see them," the DarkSide representative said in messages translated from Russian.

"Although the DarkSide ransomware group is out of commission, that does not mean this breach is insignificant. The significant amount and very personal types of data being collected by the organization, including passport numbers, Social Security numbers, driver's license numbers, financial account and/or credit/debit card numbers with security codes, passwords, or PIN numbers, is an extremely valuable dataset for cybercriminals if they want to steal identities," Erich Kron, a security analyst at KnowBe4, stated.