The data breach on Hot Topic retail firm impacts millions of clients

November 14, 2024
Hot Topic Retail Firm US Data Breach Cyberattack Dark Web

An alleged data breach incident that impacts the American retail company Hot Topic has allegedly compromised the personal information of nearly 57 million customers. Based on reports, the incident has impacted customers at Hot Topic, Box Lunch, and Torrid.

The affected entity is an American retail chain specialising in counterculture-themed clothes, accessories, and licensed music goods. The company has at least 640 stores in the US and Canada, primarily in shopping malls.

Researchers confirmed that the exposed information contained various details, including full names, email addresses, birth dates, phone numbers, physical addresses, transaction history, and partial credit card information.

 

A threat actor named Satanic has claimed responsibility for the data breach on Hot Topic.

 

Late last month, a threat actor dubbed Satanic revealed on BreachForums that it is responsible for the cybersecurity incident that Hot Topic suffered. In addition, the threat actor claims to have stolen 350 million user records from Hot Topic and its subsidiaries, Box Lunch and Torrid.

This actor has attempted to sell the database for $20,000 while demanding a $100,000 ransom payment from Hot Topic to remove the listing from the dark web.

Separate research also claimed that the compromise could have been caused by an information stealer malware infection that acquired credentials for Hot Topic’s data unification service.

On the other hand, the compromised company remained silent about the incident, and no alert has yet been disseminated to potentially impacted customers. Further research also emphasised that the stolen database contains encrypted 25 million credit card numbers.

The researchers suspected the malicious campaign occurred on October 19; the data affected ranges from 2011 to the present. As of now, there is a website where the retail company’s consumers may see if their email address or phone number was included in the compromised information during the data breach. Meanwhile, the threat actor continues to sell the database, but the price is now reduced to $4,000.

Hot Topic customers potentially impacted by the attack should be wary of targeted phishing campaigns as the compromised data includes emails. Users should regularly monitor their financial accounts for suspicious activities to avoid unwanted activities that could result in monetary loss.

About the author

Leave a Reply