Leaked personal data of more than 500,000 employees and an unprotected 4GB database
08.09.2023

Here's a new report on recent data leaks from around the world. Today you will learn about the data leak of over 500,000 employees from a major clothing retailer and the 4GB open database from a popular digital publisher.

We'll start with the Forever 21 incident. Forever 21 is a multinational fast fashion retailer that is currently operated by Authentic Brands Group and Simon Property Group, with about 540 outlets. 
After discovering the incident in March 2023, the company began investigating and found that some systems were accessed by an unauthorized party between January and March 2023.
The accessed information belongs to former and current employees of the shop chain and includes:

  • Names
  • Dates of birth
  • Social Security Numbers (SSN)
  • Bank account numbers
  • Health plan information.

According to the breach notification filed with the Maine Attorney General's Office, the incident may have affected 539,207 individuals.

Forever 21 officials say they have no reason to believe that the compromised data was used for fraudulent purposes and that steps were taken in a timely manner to ensure that no unauthorized party had access to the company's data.

The next data leak came from the LADBible group, a popular publisher of viral media. The cause of the incident was an unsecured 4GB database containing the following information about the company's employees and business information: 

  • Employee emails
  • Links to employees' social media profiles
  • Current access roles of the employees
  • Device IDs of the employees
  • Access to system login panel used to control all employee devices, the servers, provide threat protection, and remote administration tools.

At this point, it is unknown how long the data has been in the public domain, the number of individuals affected and whether the information has been used fraudulently.
Although the leaked dataset is not typical and does not appear to reveal a lot of important personal data, such incidents can have serious consequences later on. For example, leaked information can be used by attackers to change passwords and company security policies, or to inject malicious code.
You can also read about the SAIS incident, in which an unsecured database exposed personal information about students, school employees and proprietary information.
 

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.