Bonobos Clothing Company Suffers Massive Data Breach

Bonobos men’s clothing store has suffered a massive data breach exposing millions of customers’ personal information after a cloud backup of their database was downloaded by a threat actor. Bonobos states that the corporate systems were not breached during the attack.

Bonobos started as an online men’s clothing store but later expanded to sixty locations where customers can try on clothes before purchasing them. Walmart bought Bonobos in 2017 for $300 million to sell its clothing on its Jet.com site.

Massive 70 GB database leaked

The leaked database is a monstrous 70 GB SQL file containing various internal tables used by the Bonobos website. The database also includes data far more interesting to threat actors, such as customers’ addresses, phone numbers, partial credit card numbers (last four digits), order information, and password histories.

The amount of records varies depending on the category of the data. For example, the address and phone numbers are for 7 million customers/orders, account information for 1.8 million registered customers, and 3.5 million partial credit card records.

  • Who: Bonobos, an online clothing retailer and Walmart subsidiary
  • Data breach disclosure date: January 22, 2021
  • Impact: 7 million customers
  • Breached data includes:
    • Customers’ e-mail addresses (7M customers)
    • Phone numbers (7M customers)
    • Last 4 digits of credit card numbers (3.5M customers)
    • Order information (1.8M customers)
    • Encrypted Passwords (1.8M customers)

 

 

Bonobos sent an email communication to their customers prompting them to change passwords for their Bonobos account and any other accounts that share the same password.

 

The company later sent HMG-CN a statement:

  • The amount of records varies depending on the category of the data. For example, the address and phone numbers are for 7 million customers/orders, account information for 1.8 million registered customers, and 3.5 million partial credit card records.

    • Who: Bonobos, an online clothing retailer and Walmart subsidiary
    • Data breach disclosure date: January 22, 2021
    • Impact: 7 million customers
    • Breached data includes:
      • Customers’ e-mail addresses (7M customers)
      • Phone numbers (7M customers)
      • Last 4 digits of credit card numbers (3.5M customers)
      • Order information (1.8M customers)
      • Encrypted Passwords (1.8M customers)

To clarify, 7 million customers were not impacted. Rather, a total of 7 million addresses were visible. Customers often ship to more than one address, or use a different billing address, but again, this does not mean 7 million customers were impacted. In fact, the number was far less. 

We suggest updating the above to the following:

  • The amount of records varies depending on the category of the data. For example, 7 million addresses, account information for 1.8 million registered customers, and 3.5 million partial credit card records.

    • Who: Bonobos, an online clothing retailer and Walmart subsidiary
    • Data breach disclosure date: January 22, 2021
    • Breached data includes:
      • 7 million addresses  
      • Last 4 digits of credit card numbers (3.5M customers)
      • Order information (1.8M customers)
      • Encrypted Passwords (1.8M customers)