Popular denim clothing brand Levi’s suffered a data breach on June 13 that leaked information on over 72,000 customers. This information included names, email addresses, delivery addresses, order histories, and, if the affected account had payment information saved, partial financial information: the last four digits of the card number, card type, and expiration date.
The company noticed the attack after identifying an “unusual spike in activity” on its website. Investigation revealed that a credential stuffing attack may have been underway, with the attacker using a bot to test credentials on the official Levi’s site.
Levi’s disclosed the breach in a filing with the state attorneys general on Saturday, June 22. The filing stated that any data stored in Levi’s online accounts may have been accessed by cybercriminals. However, the company added that there’s no evidence to indicate that any of the stolen data has been exploited yet and that its systems weren’t breached. As for where the attackers got the data, Levi’s claims the criminals may have gotten their hands on credentials from other sources.
Credential stuffing attacks stem from internet users’ general habit of using the same password across multiple online accounts. If one online service is breached, attackers often use bots or other automation scripts to run password checks on other websites associated with the same user or email address to see if they can gain access to any other online accounts that may be using the same password. In Levi’s case, the company hasn’t disclosed any information or names as to where this breach may have originated.
Regardless, all affected users have received password resets from Levi’s and have been advised to change their passwords on other sites as an added precaution. However, the clothing giant did not provide any credit monitoring services or the like to the affected users, instead encouraging them to “remain vigilant against incidents of identity theft and fraud,” review their account statements, and monitor credit reports for suspicious activity.
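The "unusual spike in activity" that credential stuffing produces has a recognizable shape in login logs: one source trying many different accounts only once or twice each. The sketch below is an added example, not Levi's detection logic; the log format, thresholds, addresses, and account names are all constructed assumptions. It flags such sources and lists the accounts they logged into successfully, which are the ones needing a forced password reset.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def make_sample():
    """Constructed login events: (timestamp, source IP, username, success)."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)  # arbitrary constructed start time
    events = []
    # Bot: one source tries 40 different accounts once each; two reused passwords work.
    for i in range(40):
        events.append((t0 + timedelta(seconds=i), "203.0.113.7",
                       f"user{i}@example.com", i in (5, 17)))
    # Ordinary customer: mistypes a password twice, then logs in.
    for i, ok in enumerate((False, False, True)):
        events.append((t0 + timedelta(seconds=10 * i), "198.51.100.4",
                       "alice@example.com", ok))
    return events

def detect_stuffing(events, window=timedelta(minutes=5),
                    min_accounts=20, max_tries_per_account=2.0):
    """Return {source IP: accounts it logged into} for sources that try many
    distinct accounts, few times each, within one sliding time window.
    Thresholds are illustrative assumptions, not tuned values."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((ts, user, ok))
    findings = {}
    for ip, rows in by_ip.items():
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward so the span covers at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            users = {u for _, u, _ in span}
            # Brute force hammers one account; stuffing spreads thinly over many.
            if (len(users) >= min_accounts
                    and len(span) / len(users) <= max_tries_per_account):
                hits = findings.setdefault(ip, set())
                hits.update(u for _, u, ok in span if ok)
    return findings

if __name__ == "__main__":
    for ip, accounts in detect_stuffing(make_sample()).items():
        print(ip, "-> force password reset for:", sorted(accounts))
```

Grouping by source address alone misses attackers who rotate through proxies, so production detection usually adds signals such as the site-wide failure rate and client fingerprints.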