scorecardIf you bought anything from these 10 companies in the last year, your data may have been stolen
  1. Home
  2. slideshows
  3. miscellaneous
  4. If you bought anything from these 10 companies in the last year, your data may have been stolen

If you bought anything from these 10 companies in the last year, your data may have been stolen

Marriot hotels

If you bought anything from these 10 companies in the last year, your data may have been stolen

Kay Jewelers

Kay Jewelers

Signet Jewelers, parent company of Kay Jewelers, had a vulnerability in its website that exposed customers' information after they had purchased jewelry online.

By changing the link customers received confirming online orders, anyone could access information including customers' names, the order's billing address, shipping address, phone number, and email address, plus the number of items and total dollar amount for the order, the delivery date, and a tracking link.

Only the last four digits of a customer’s credit-card number were on the page, however.

The issue was fixed in November for orders going forward. It was fixed for past orders in December, according to Krebs on Security.

Jared The Galleria of Jewelry

Jared The Galleria of Jewelry

Signet Jewelers also owns Jared The Galleria of Jewelry, which had the same vulnerability as Kay.

Cheddar's Scratch Kitchen

Cheddar

Darden Restaurants announced in August that it had been notified by government officials that it was the victim of a cyberattack.

Customers who visited Darden-owned Cheddar's Scratch Kitchen between November 3, 2017 and January 2, 2018 may have had their credit-card information stolen. Darden estimates that 567,000 card numbers could have been compromised.

Customers affected would have visited a Cheddar's location in any one of these states: Alabama, Arizona, Arkansas, Delaware, Florida, Illinois, Indiana, Iowa, Kansas, Louisiana, Maryland, Michigan, Missouri, Nebraska, New Mexico, North Carolina, Ohio, Oklahoma, Pennsylvania, South Carolina, Texas, Virginia, and Wisconsin.

Macy's

Macy

Macy's confirmed that some customers shopping online at Macys.com and Bloomingdales.com between April 26 and June 12 could have had their personal information and credit-card details exposed to a third party.

Macy's did not confirm exactly how many people were impacted. However, a spokesperson for the company said the breach was limited to a small group of people.

Macy's said in a statement: "We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures. Macy’s, Inc. will provide consumer protection services at no cost to those customers. We have contacted potentially impacted customers with more information about these services."

Adidas

Adidas

Adidas announced in June that an "unauthorized party" said it had gained access to customer data on Adidas' US website. Currently, the company believes only customers who shopped on and purchased items from the US version of Adidas.com may have been affected by the breach.

The data that is potentially at risk includes customer contact information like email addresses and physical addresses, as well as login information like usernames and passwords. The passwords were stored with an encryption, however, which would need to be unencrypted before they could be used.

Adidas did not say exactly how many customers could have been affected by the breach, but an Adidas spokeswoman confirmed it was likely "a few million."

Saks Fifth Avenue

Saks Fifth Avenue

Hudson's Bay, the parent company of Saks Fifth Ave, confirmed in April that a data breach compromised payment systems and therefore customers' credit and debit cards.

Estimates of the amount of affected customers were not released, but it could number in the millions. Online customers were not affected.

Lord & Taylor

Lord & Taylor

Hudson's Bay also owns Lord & Taylor, and those stores were also affected by the breach.

Under Armour's MyFitnessPal app

Under Armour

While Under Armour's store systems or online store weren't affected, the retailer confirmed in March that data from its MyFitnessPal app was accessed by an "unauthorized party."

Payment information was not released, but Under Armour says user names, emails, and encrypted passwords were affected. More than 150 million people's information was likely compromised.

Panera Bread

Panera Bread

Panera Bread confirmed on April 2 that it was notified of a data leak on its website.

At the time, it said personal information, including names, addresses, and partial credit card numbers may have leaked, though the company says the investigation is ongoing.

Advertisement