Bonobos Clothing Company Suffers Massive Data Breach

Bonobos men’s clothing store has suffered a massive data breach exposing millions of customers’ personal information after a cloud backup of their database was downloaded by a threat actor. Bonobos states that the corporate systems were not breached during the attack.

Bonobos started as an online men’s clothing store but later expanded to sixty locations to try on clothes before purchasing them. Walmart bought Bonobos in 2017 for $300 million to sells its clothing on their Jet.com site.

Massive 70 GB database leaked

This leaked database is a monstrous 70 GB SQL file containing various internal tables used by the Bonobos website. The database also includes various data far more interesting to threat actors, such as customers’ addresses, phone numbers, partial credit card numbers (last four digits), order information, password histories.

The amount of records varies depending on the category of the data. For example, the address and phone numbers are for 7 million customers/orders, account information for 1.8 million registered customers, and 3.5 million partial credit card records.

Who: Bonobos, an online clothing retailer and Walmart subsidiary

Data breach disclosure date: January 22, 2021

Impact: 7 million customers

Breached data includes:

Customers’ e-mail addresses (7M customers)

Phone numbers (7M customers)

Last 4 digits of credit card numbers (3.5M customers)

Order information (1.8M customers)

Encrypted Passwords (1.8M customers)

Bonobos sent an email communication to their customers prompting them to change passwords for their Bonobos account and any other accounts that share the same password.

Original Post: HMG (Hews Media Group)