Cooler Master data breach exposing 500k customers

Cooler Master, a well-known computer hardware manufacturer based in Taiwan, is hit by a data breach resulting in the exposure of sensitive information belonging to over 500,000 customers. The breach was claimed by a threat actor using the alias 'Ghostr', who claimed to have stolen 103 GB of data from Cooler Master on May 18, 2024.

The compromised data includes:

• Names
• Addresses
• Dates of birth
• Phone numbers
• Email addresses
• Plain unencrypted credit card information, including card numbers, expiration dates, and CVV codes

The stolen data also includes Cooler Master's corporate, vendor, sales, warranty, inventory, and HR data.

Additionally, information related to Cooler Master's Fanzone members, which is used for product warranty registration, return merchandise authorization (RMA) requests, support contacts, and news updates, was also breached.

Ghostr provided a sample of the stolen data in the form of CSV files. One of the CSV files had around 1,000 records of recent customer support tickets and RMA requests, including customers' personal information and IP addresses. BleepingComputer confirmed the legitimacy of this data with several Cooler Master customers.

Cooler Master has not commented on the claims of breach. The threat actor stated that they attempted to contact Cooler Master for a ransom to avoid leaking or selling the data, but received no response. Ghostr has indicated intentions to sell the stolen data in the future but has not decided on a price.