Motorcycle and automotive parts retailer Dennis Kirk has suffered a data breach, exposing a significant cache of customer information, including 1.3 million unique email addresses, names, phone numbers, postal codes, and purchase histories.
The breach reportedly dates back to September 2021 but only surfaced publicly in October 2024, when a data sample was posted for sale on the hacking forum BreachForums by the user known as IntelBroker. The information, spanning 20GB and including millions of records, has since been confirmed and indexed by Have I Been Pwned (HIBP), a breach notification service.
Dennis Kirk, based in Minnesota, is a prominent name in the motorcycle supply and automotive parts industry, catering to enthusiasts with a wide range of products. Established in 1969, the retailer is known for its extensive inventory of motorcycle and ATV parts, accessories, and apparel. Its high-volume online presence and catalog have positioned it as a leading retailer in the U.S. market, appealing to both casual and professional riders nationwide.
The breach announcement on BreachForums was made by IntelBroker, who also credited two other threat actors, “almighty444” and “EnergyWeaponUser,” as collaborators. The forum post, dated October 11, 2024, revealed a sample of Dennis Kirk’s customer data and offered the entire database for sale, accepting payments exclusively in Monero (XMR), a cryptocurrency known for being hard to trace. The post claimed that the compromised database included approximately 12.2 million entries, suggesting that a significant portion of Dennis Kirk’s customer data had been exposed.
Today, data breach alerting service Have I Been Pwned added the data to its platform after receiving it from the threat actors, and it is now sending notices to impacted individuals. Though IntelBroker claimed to be holding information on 12.2 million customers, HIBP was given only roughly 10% of that, including the following information:
- 1.3 million unique customer emails
- Full names
- Phone numbers
- Geographic locations
- Order histories
- Order dates and IDs
According to HIBP, around 91% of the compromised email addresses had already been part of previous breaches, so roughly 117,000 accounts were exposed for the first time.
Repeated attempts by HIBP to contact Dennis Kirk about the breach received no response. Similarly, efforts by CyberInsider to reach the company for a statement have gone unanswered as of the publication of this article.
The breach places Dennis Kirk’s customers at increased risk of phishing, identity theft, and other forms of online fraud. With personally identifiable information (PII) and transactional data for sale, threat actors could potentially use this data for targeted attacks on both individuals and the company itself.