It has been reported that clothing giant J.Crew has said an unknown number of customers had their online accounts accessed “by an unauthorised party” almost a year ago, but is only now disclosing the incident. The company said in a filing on Tuesday with the California attorney general that the hacker gained access to the customer accounts in or around April 2019. According to the letter, the hacker obtained information found in the customer’s online account — including card types, the last four digits of card payment numbers, expiration dates, and associated billing addresses. Online accounts also store the customer’s order numbers, shipping confirmation numbers, and shipment statuses.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.