A women’s clothing retailer in the US has disclosed a cyberattack that exposed the private data of more than 50,000 customers.
Francesca’s says the data breach affected 58,387 people, exposing their financial account, credit, or debit card numbers, along with security and access codes and PINs.
The disclosure, made by law firm Cipriani & Werner on behalf of Francesca’s, was published on September 25th by the Attorney General’s Office in Maine, which imposes tough reporting rules on firms suffering attacks that involve its residents.
Francesca’s operates 547 retail outlets across 45 states, meaning that the potential victims are likely spread across the US. Its online website service boasts 20 million visits a year.
The boutique chain cannot confirm whether the exposed data has been used in other cyberattacks, but it's likely to have been sold on to other threat actors, who could use it to commit fraud and other crimes.
The incident began in January, when Francesca’s said it detected a “potential network disruption” in its computer systems. It launched an investigation, which was able to confirm by August that a threat actor had indeed breached its systems and accessed sensitive data.
“Upon learning of this incident, we immediately took steps to secure our systems and investigate the incident,” said Francesca’s. “We implemented additional technical safeguards to further enhance the security of information in our possession.”
The retailer has offered affected customers a year of free identity protection services, and urges them to regularly check their financial accounts and report any suspicious activity to their provider.
More from Cybernews:
Subscribe to our newsletter