J. Crew reports data breach of customer accounts

March 5, 2020
| No Comments

Dive Brief:

  • J. Crew earlier this week reported a data breach notice with the State of California Department of Justice that stated some customer’s information was “obtained by an unauthorized party” in or around April 2019. The news was first reported by TechCrunch. The number of impacted customers was not stated.

  • The company reported that data possibly obtained includes users’ login credentials, including email address and password. Accessible data also includes consumers’ saved last four digits of credit card numbers, billing addresses, order numbers, shipping confirmation numbers, and shipment status of those orders, per the data breach notification.

  • The retailer does not think that the hackers gained access to other account information, but has disabled the accounts that were impacted. The company is advising customers to reset their password and also change their password to any other accounts where the same password was used, according to the notification. The company did not immediately respond to Retail Dive’s request for comment.

Dive Insight:

The number of J. Crew customers impacted by this incident is not stated, although the letter submitted to the State of California Department of Justice is a multi-state notification. Additionally, California law states that businesses are required to issue a security breach notification if it impacts more than 500 California residents.​

Although J. Crew is a recent victim of a data breach, other retailers, including Hudson’s Bay and Macy’s, have also suffered hacks in recent years.

Retailers have been trying to guard against these crimes, watching for potential vulnerabilities internally and those caused by third-party partners. The average total cost of a data breach is $3.92 million, according to a 2019 IBM report.

News of the breach comes after the retailer named a new CEO in January and announced on Tuesday that it delayed its proposed Madewell IPO. According to a document filed with the Securities and Exchange Commission, it will extend the date to complete the transaction from March 18 to April 30.

Following the company’s previous financial woes, the company reported $1.5 million in net income, an increase from the $74.4 million net loss during the same quarter last year. Last May, it closed 20 flagship stores as part of a cost-cutting effort. In March 2019, it reportedly was working with restructuring attorneys amid debt trouble and falling sales. 

Retail