J.Crew reveals security incident from 2019 to customers

Tuesday 10 March 2020 15:19 CET | News

J.Crew, an US-based retailer, has suffered a credential stuffing attack that may have compromised the personal data of customers.

Fraudulent activity was noticed in the first half of 2019, but the company did not reveal the number of compromised accounts on their website. Even this way, it is known that California law oblige security breach notices only if the incident affects more than 500 residents.

Besides the compromised email addresses and passwords, there is a possibility that additional information stored on the account may have been accessed. This includes the last four digits of credit card numbers, expiration dates, card types, billing addresses, order number and shipping confirmation numbers, along with order status.

To minimise the damages, the company disabled the accounts marked with suspicious activity, and asked users to reset their login passwords.

More: Link

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: retail, US, credential stuffing attack, J.Crew, personal data, California, security, data breach
Categories: Fraud & Financial Crime
Countries: United States
This article is part of category

Fraud & Financial Crime

Industry Events