On April 15, 2024, Le Slip Français, a French apparel manufacturer, experienced a significant data breach in which personal information of approximately 1.5 million customers was stolen by hackers. The breach compromised data such as names, phone numbers, email addresses, postal addresses, and sometimes even order numbers.
The incident was discovered on April 15 but was apparently executed a few days earlier, with the attackers posting the stolen database for sale on April 13, 2024, under the alias “ShopifyGUY” on BreachForums.
The company says it quickly responded by setting up a crisis unit, in collaboration with cybersecurity experts, and has taken all necessary security measures to contain the attack. No passwords or payment card information were compromised in this incident.
Le Slip Français has communicated the breach to customers through an announcement on its site and also notification letters, and has implemented rigorous monitoring to detect any potential misuse of the stolen data. They have filed a complaint for fraudulent access to an automated data processing system and reported the incident to the CNIL (Commission Nationale de l'Informatique et des Libertés), France's data protection authority.
According to the data shared on BreachForums by “ShopifyGUY,” the database includes detailed customer information, suggesting a comprehensive breach of personal data. The leak contained over 1.5 million email addresses and 696,144 full sets of customer details, which included their email addresses, names, phone numbers, physical addresses, and details about their purchases.
In a sample of a customer notification published by Troy Hunt on X, Le Slip Français has expressed regret over the incident and remains committed to supporting their mission to “reinvent the French textile industry.” They assure customers of ongoing efforts to bolster security and prevent such incidents in the future. Additionally, the company has made customer service contacts available for clients facing any difficulties due to the breach.
For affected users, it is crucial to stay vigilant for signs of identity theft or fraud. Monitoring financial statements and using identity protection services can help mitigate potential damage. It's also recommended that passwords be changed and two-factor authentication is enabled where possible.
Breach alert service Have I Been Pwned has also added the exposed emails to its database, so impacted customers should have received a notification via email. Users who might be using the same credentials on other platforms should reset their passwords as soon as possible.
Botnet Operator Charged with Major Cyber Crimes in the U.S.
Leave a Reply