A huge data breach has affected an Australian global fashion brand, resulting in the exposure of approximately 3.5 million records. Cybersecurity expert, Jeremiah Fowler, identified and reported the breach, which involved a collection of unencrypted and non-password-protected documents.
The exposed documents included invoices, shipping information, and return details, containing personal identifiable information (PII) like names, physical addresses, email addresses, and phone numbers. The breach was then reported to cybersecurity and consultation firm vpnMentor.
According to Jeremiah, the exposed database contained 3,587,960 documents, totalling 292 GB. A sample investigated by Fowler revealed multiple instances of PII. Each PDF document contained extensive details of retail and corporate clients from 2015 to 2025, indicating a prolonged period of data accumulation.
The data, believed to be connected to SABO, a Brisbane-based clothing brand, included details ranging from domestic and international shipping documents to customer orders. Jeremiah alerted SABO to the breach, and the database was quickly secured, preventing further public access.
Despite the quick action to secure the data, the length of time the information remained exposed and whether any malicious parties accessed the information remains unknown. Only a thorough internal audit could potentially reveal any further breaches or suspicious activities.
The leak is concerning due to the detailed nature of the documents exposed, which included complete transaction histories. Such information puts affected individuals at risk of sophisticated phishing and social engineering attacks. Cybercriminals could use the detailed data to craft convincing emails and messages to trick recipients, potentially leading to further personal data theft or financial losses.
The data breach serves as a critical reminder of the importance of securing customer data. When things like this happen, companies should be reminded to adopt data protection measures, including using encryption, applying multi-factor authentication, and regularly auditing their data access and security protocols.
For consumers who suspect their data may have been compromised, it is recommended to remain vigilant. Checking the authenticity of communication from companies, not clicking on suspicious links, and monitoring their personal information for unusual activities are vital steps to protect against potential fraud.
For more information, click here.
More News
