Customer data of a global Japanese retailer has been exposed in a major hack.
Uniqlo, which operates more than 2,000 stores in 19 markets worldwide, including about 50 U.S. stores, is acknowledging more than 460,000 online customer accounts were fraudulently accessed between April 23 and May 10, 2019. Personal information that may have been exposed in the attack includes first and last names, full residential and shipping addresses, landline and mobile phone numbers, email address, gender, date of birth, purchase history, and partial credit card information including cardholder, expiration date, and part of credit card number.
However, because it hides credit card numbers except for the first and last four digits and does not display or store CVV security code numbers, Uniqlo says there is no possibility of hackers gaining unauthorized access to customer credit card accounts.
Uniqlo’s investigation has determined the unauthorized customer account logins were performed via "list-type account hacking,” using customer user IDs and passwords that may have been used at other companies which were previously hacked. The retailer is advising all customers who use the same online password at other companies to change their password as soon as possible.
Uniqlo has reported the matter to the Tokyo Metropolitan Police Department. This marks the second major retail security breach to be reported in the last two days. Yesterday, Sprint subsidiary Boost Mobile
reported that hackers had gained unauthorized access to an unspecified number of customer accounts on March 14, 2019. h