Banks, hospitals, universities, the post office, the grocery…and now, the underwear store

Auntie P / Foter / CC BY-NC-SA

Ok, Hanes sells much more than underwear, but they got hacked. Most didn’t notice, because, well, y’know – the AshleyMadison fire is still burning, the OPM debacle has magnified with the United Airlines hack connection and the Census Bureau breach still has everyone talking.

The Winston-Salem Journal has a good article about the details. Some summary points below:

• The breach involved “information (that) is readily available in the public domain, such as on packaging labels or a restaurant receipt. There was no visibility to email addresses or full credit-card numbers.”
• The hacker gained access to general customer information through the company’s website by posing as a “guest” customer checking an order
• The hacker was able to get information including addresses, phone numbers and last four digits of a credit or debit card of other customers
• Affected customers bought items online or by telephone and used the “guest” option
• Retail stores were not affected
• The data was exposed the last week of June 2015 and into early July 2015
• Data for registered user account information, such as log-in name and passwords, is kept in a separate database and was not viewable by the hacker
• Registered users’ order status information “could have been viewed, so there are registered users among the 900,000 customers.”
• Corporate software systems were not breached
• No motive has been determined for this breach
• Hanes’ security experts have determined that there is no credible identity or credit risk to customers

And…

Hanes was notified by the hacker “to let us know that it had been done.”

Customers are being notified by email or mail. Customers…including me.

Hanes – Breach notification – July 29 2015

So, Hanes…can those of us impacted by this breach get a break from the sale notifications; for like, a week? 

Hanes – Sale – July 30