Levi Strauss & Co. (LS&Co.) detected a significant cybersecurity breach affecting 72,231 individuals. The breach was a result of a credential stuffing attack, where attackers used email and password combinations obtained from other sources to gain unauthorized access to user accounts on Levi.com.
Levi Strauss & Co., headquartered in San Francisco, California, is a globally recognized brand known for its iconic denim products. The company operates worldwide and has a significant online presence through its e-commerce platform, Levi.com.
The breach was reported to the Office of the Maine Attorney General. The breach occurred on June 13, 2024, and was immediately identified and contained by LS&Co. ‘s security team. Affected customers were notified electronically on June 21, 2024, urging them to reset their passwords and secure their accounts.
The breach involved unauthorized parties accessing accounts and viewing personal information such as names, email addresses, order histories, and partial payment information. However, there is no evidence to suggest that any fraudulent purchases were made using the compromised information, as LS&Co. ‘s systems require secondary authentication for saved payment methods.
In response to the attack, LS&Co. implemented several immediate actions:
- Issued a forced password reset for all affected accounts.
- Conducted a thorough investigation to confirm the nature and scope of the incident.
- Enhanced website cybersecurity measures to prevent future attacks.
Levi Strauss & Co. emphasizes the importance of unique, complex passwords for each online account to prevent unauthorized access through credential stuffing attacks. Customers are encouraged to reset passwords on Levi.com and any other sites where they may have reused passwords.
To mitigate potential risks, LS&Co. advises customers to monitor their accounts for unusual activity and consult the Federal Trade Commission's guidance on secure password practices. Additionally, LS&Co. provides resources for placing fraud alerts and security freezes on credit reports to further protect against identity theft.
For more information or assistance, affected customers can contact Levi's Customer Service via email at help@levi.com or by calling 1-800-872-5384.
FIN9 Hackers Causing $71M Damages to U.S. Firms Charged
Leave a Reply