In September 2018, the fashion company disclosed that they had suffered a "sophisticated" cyber attack that had exposed the private information of 6.4 million customers. The company explained that hackers infiltrated their servers through "back door entry points which were later closed and removed".
The exposed information consisted of customers' email addresses and encrypted password credentials for individuals who registered on the company's website.
In October 2022, the parent company was fined $1.9 million by the New York attorney general for failing to maintain reasonable security measures to protect customers’ data and for failing to notify over 32 million customers of the breach of their information.
Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:
We've done the analysis so you can make the decisions