10 – Guess In February 2021, apparel giant Guess experienced a ransomware attack that included the theft of customer data. Cyber attack type: DarkSide Ransomware Number of people affected: More than 1,300 people Damage: 200GB of data extracted
9 – Forever 21 In 2017, attackers accessed customer’s payment card data .The threat actors deployed malware to gather credit card data from the point-of-sale (POS) system Cyber attack type: Malware targeting POS systems Number of people affected: Undisclosed Damage: Hackers breached payment system for 7 months
8 – Bonobos In January 2021, a 70-gigabyte SQL backup file belonging to the retailer, was stolen from a third-party cloud provider and posted in a hacker forum. Cyber attack type: Attack against third-party cloud provider Number of people affected: 7 million Damage: 7 million shipping addresses
7 – Under Armour In February 2018, usernames, email addresses, and hashed passwords for approximately 150 million users of Under Armour’s MyFitnessPass were compromised Cyber attack type: Data Breach Number of people affected: 150 million Damage: Affected information included usernames, email addresses, and hashed passwords
6 – Saks Fifth Avenue/Lord & Taylor A 2018 malware attack against the retailers’ POS resulted in the theft of more than five million credit and debit card numbers Cyber attack type: Malware Number of people affected: 5 million Damage: Credit and debit card numbers were exposed
5 – CVS Health In 2021, a misconfigured database with 204 gigabytes, including customer email addresses, user IDs, and customer online search information was found publicly available Cyber attack type: Database Exposure Number of people affected: Undisclosed Damage: 1.1 billion records leaked
4 – eBay Using compromised employee credentials, attackers accessed approximately 145 million eBay accounts in 2014. Cyber attack type: Compromised employee credentials Number of people affected: 145 million Damage: Stolen passwords, usernames, e-mail addresses, physical addresses, phone numbers and dates of birth
3 – Neiman Marcus Group In September 2021, the retailer notified 4.6 million customers that a hacker had compromised online accounts in May 2020. Cyber attack type: Not disclosed Number of people affected: 4.6 million Damage: Access to personal data, usernames and passwords, customer names, contact information, credit card numbers
2 – Home Depot Using a third-party vendor’s login credentials, attackers gained access to Home Depot’s network , then deployed malware designed to infect the retail giant’s POS system Cyber attack type: Compromised third-party credentials/POS malware Number of people affected: 52 million Damage: Cost $215 million and paid $17.5 million to settle claims
1 – Target A 2013 cyber attack involving Target exposed 41 million payment cards and contact information for approximately 70 million customers. Cyber attack type: Spear phishing/malware Number of people affected: 70 million Damage: Cost $290 million and paid $18 million to settle claims
