Fashion retailer Hot Topic possibly breached again, exposing data of millions
Learn More
Cybersecurity firm Hudson Rock reports a significant data breach at fashion retailer Hot Topic that has potentially exposed sensitive personal information of millions of customers. Hudson Rock identified the breach after a hacker, known as "Satanic," began selling access to a database allegedly containing details from Hot Topic and its affiliated brands, BoxLunch and Torrid.
The hacker claims the database includes information on 350 million users and is offering it for $20,000, while demanding $100,000 from Hot Topic to remove the sale listing. Hudson Rock's investigation suggests the breach may have originated from an infostealer infection on a computer belonging to an employee at Robling, a third-party retail analytics firm.
Exposed Data:
- Names
- Email addresses
- Physical addresses
- Dates of birth
- Last four digits of credit cards
- Card types
- Hashed expiration dates
- Account holder names
- Loyalty points linked to customer profiles
As of now, Hot Topic and Robling have not publicly responded to these findings. Customers are advised to remain careful of potential phishing attempts, identity theft, or financial fraud resulting from this breach.
Hot Topic has already had two breaches in the last year, credential stuffing attacks reported in August 2023 and March 2024
Update - As of 11th of November 2024, the platform that tracks leaked credentials Have I Been Pwned warns that the data breach exposed the personal information of 56,904,909 accounts for Hot Topic, Box Lunch, and Torrid customers.
