Cyber-attack at fashion website affects 39 million individuals' data


In September 2018, the fashion company disclosed that they had suffered a "sophisticated" cyber attack that had exposed the private information of 6.4 million customers. The company explained that hackers infiltrated their servers through "back door entry points which were later closed and removed".

The exposed information consisted of customers' email addresses and encrypted password credentials for individuals who registered on the company's website.

In October 2022, the parent company was fined $1.9 million by the New York attorney general for failing to maintain reasonable security measures to protect customers’ data and for failing to notify over 32 million customers of the breach of their information.

Book a consultation

Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:



We've done the analysis so you can make the decisions

When purchasing a minimum of 5 Case Studies
$699.99 if buying less than 5.

  • Detailed cause & effect analysis
  • Lessons learnt catalogued
  • Preventive controls extracted
Add to Cart
Heads up! Want to try before you buy? You can download our FREE demo case study here