Bonobos Data Breach Leaks Customers Personal Information

Bonobos, the popular men’s clothing store, suffered a huge data breach that exposed millions of customers’ personal data. The breach was reported after a cloud backup of their database was downloaded by a hacker known as ShinyHunters, known for hacking, stealing and selling databases. The database was then posted on a free forum.

The leaked Bonobos database is a 70 GB file containing customers’ addresses, order information, phone numbers, partial credit card numbers, driver’s license numbers, age and date of birth, gender, nationality, purchase history information, location and passwords. Bonobos has said the hackers did not gain access to their internal network but accessed a backup file hosted in an external cloud system.

The company said in a statement that an unauthorized third party was able to view the backup file, and once discovered the breach, contacted the host and took further security action, including turning off access points, invalidated account passwords and requiring password resets.

The address and phone numbers leaked are for seven million orders, account information for almost two million registered customers, and 3.5 million partial credit card records. Bonobos says contact information and passwords may have been viewed but payment information was not.

The Lyon Firm handles class action data breach lawsuits on behalf of plaintiffs nationwide and has experience engaging some of the largest corporations in the country following personal data misuse and privacy breach incidents.

Bonobos Data Breach

Data breach events have become commonplace, and even though companies are aware of the security threats, they may overlook details of a cloud infrastructure, creating hacking vulnerabilities. Cloud security failures can compromise personal data for millions of consumers, and it is the responsibility of companies collecting and storing data to protect consumers’ personal information.

While IaaS platforms like Azure and AWS are contracted to maintain and secure a network and storage, they are not responsible for properly configuring the infrastructure and protecting the data stored within it. Companies like Bonobo are responsible for securing their data at all costs. The frequent data breaches underscore the lack of knowledge or concern until it is too late and data is exposed.

Experts say in order to minimize attacks, data files should be managed and protected by a layered security system that has encryption end-to-end. Following any data breach incident, victims can contact an attorney to weigh legal action.

The leaked Bonobos database is a 70 GB file containing customers’ addresses, order information, phone numbers, partial credit card numbers, driver’s license numbers, age and date of birth, gender, nationality, purchase history information, location and passwords. Bonobos has said the hackers did not gain access to their internal network but accessed a backup file hosted in an external cloud system.

The company said in a statement that an unauthorized third party was able to view the backup file, and once discovered the breach, contacted the host and took further security action, including turning off access points, invalidated account passwords and requiring password resets.

The address and phone numbers leaked are for seven million orders, account information for almost two million registered customers, and 3.5 million partial credit card records. Bonobos says contact information and passwords may have been viewed but payment information was not.

The Lyon Firm handles class action data breach lawsuits on behalf of plaintiffs nationwide and has experience engaging some of the largest corporations in the country following personal data misuse and privacy breach incidents.

Bonobos Data Breach

Data breach events have become commonplace, and even though companies are aware of the security threats, they may overlook details of a cloud infrastructure, creating hacking vulnerabilities. Cloud security failures can compromise personal data for millions of consumers, and it is the responsibility of companies collecting and storing data to protect consumers’ personal information.

While IaaS platforms like Azure and AWS are contracted to maintain and secure a network and storage, they are not responsible for properly configuring the infrastructure and protecting the data stored within it. Companies like Bonobo are responsible for securing their data at all costs. The frequent data breaches underscore the lack of knowledge or concern until it is too late and data is exposed.

Experts say in order to minimize attacks, data files should be managed and protected by a layered security system that has encryption end-to-end. Following any data breach incident, victims can contact an attorney to weigh legal action.