Puma Data Breach: What Customers Need to Know

Another iconic brand falls victim of Chucky.

On December we covered a cyber security incident that happened to Adidas Morocco. At that time, 62k customers’ personal data, including emails and hashed passwords, were leaked online. You can read that article here.

On January 21, 2023 another major sportswear brand has suffered from a cyber security attack: Puma Chile’s online shop experienced a data breach.

Shockingly, the same threat actor, going by the name “Chucky” or “Leakbase”, accessed and leaked a significant amount of sensitive customer information.

Puma has previously suffered a major employee data breach due to a Kronos ransomware attack in late 2021.

Photo by Agata Samulska

What data has been breached online?

On January 21, 2023, allegedly the very same day, as the incident has happened, the hacker posted an SQL database of 84MB containing the customer information on a hacking underground forum. The Kaduu Team analysed the leaked database and here’s what we have found.

The compromised data includes information on 237k customers, such as:

customer email addresses, telephone numbers, names, document numbers, purchase details, billing and shipping addresses, “Oms Number”, and more.

The Kaduu Team attempted to verify authenticity of compromised data by registering an account with leaked credentials. One of the results can be seen on a screenshot below:

Puma’s representatives have stated that the company is “currently investigating a data leak at its Chilean e-commerce site to establish what data has been leaked and how this could have occurred.”

What does it mean for customers?

This data breach presents several potential risks for affected customers. First and foremost, their personal information is now in the hands of threat actors who may use it for fraudulent activities such as identity theft and phishing scams.

Personal information such as names, addresses, and telephone numbers can be used to impersonate the individual in question. Purchase history in the Chilean Puma online shop, can be used for a phishing or a spam attack.

Customers should be vigilant and monitor their accounts for any suspicious activity, and change passwords for any accounts that use the same email address or telephone number as the one provided to Puma Chile. They should also be careful of any unsolicited emails, phone calls, or text messages that may be attempts to scam or phish for their personal information.

Twice is a coincidence or a pattern?

Another sportswear, second in count, company’s data breach raises serious questions about cyber security practices in the e-commerce field. Online retailers handle a large amount of sensitive customer information, and it is crucial for them to implement robust security measures to protect against potential data breaches.

The data breach suffered by Puma Chile’s online shop highlights the importance of strong cyber security practices for online retailers. The potential risks for affected customers include identity theft and financial fraud, which can have serious consequences. It is also important for online retailers to have a plan in place for responding to data breaches and informing affected customers, as well as regularly auditing and testing their systems for vulnerabilities.

Finally, it’s important to note that companies are facing more and more cyber-attacks, as cybercriminals are becoming more sophisticated and the value of personal data has risen significantly. This highlights the importance of good cyber security practices for all companies, not just those in the e-commerce industry.

If you liked this article, we advise you to read our previous article about ChatGPT security risks. Follow us on Twitter and LinkedIn for more content.

Stay up to date with exposed information online. Kaduu with its cyber threat intelligence service offers an affordable insight into the darknet, social media and deep web.