- Hacker claims to possess two main files -Orders.csv, consisting of 239,000 rows, and MobilePhone.csv, containing 116,000 entries.
A recent post on a notorious dark web forum has ignited concerns over a potential data breach involving Giordano, a prominent fashion and retail brand with a substantial presence in the Middle East.
The post alleges the unauthorised access and sale of sensitive information extracted from the company’s database, raising significant apprehensions regarding the security of consumer data and the integrity of corporate practices in safeguarding such information.
The threat actor claims to possess two main files: Orders.csv, consisting of 239,000 rows, and MobilePhone.csv, containing 116,000 entries. The Orders.csv file is purported to include critical order details, such as order codes, payment information, and customer identifiers, all of which are vital for transaction tracking and customer service operations.
Monetising stolen data
In parallel, the MobilePhone.csv file allegedly houses personal identifiers, including mobile phone numbers and country codes, which are particularly sensitive as they could facilitate targeted phishing or identity theft.
The post further claims that the alleged database is available for purchase, strictly accepting Monero (XMR), a cryptocurrency noted for its privacy features and frequent usage in illicit transactions.
This preference underscores the seriousness of the situation, as it not only highlights the intent to evade detection but also indicates a calculated approach by the threat actor to monetise the stolen data.
In light of these allegations, it is imperative for Giordano to publicly address the situation, reassure stakeholders of their commitment to data protection, and actively investigate the claims.
Moreover, this incident serves as a critical reminder regarding the ongoing challenges companies face in safeguarding customer information and the necessity for robust cybersecurity measures to mitigate potential breaches.