GS Retail has confirmed a significant data breach affecting approximately 90,000 customers. The breach occurred between December 27, 2024, and January 4, 2025, when hackers used a technique known as credential stuffing to gain unauthorized access to customer accounts. Personal information including names, genders, dates of birth, contact information, addresses, IDs, and emails were leaked. This attack highlights the vulnerabilities in online systems when user credentials, often gathered from previous data breaches, are exploited in bulk attempts.
Upon discovering the breach, GS Retail took swift action by blocking IP addresses associated with the attack and locking the affected customer accounts to prevent further unauthorized access. Additionally, they temporarily shut down pages displaying sensitive personal data. Despite these efforts, the breach has raised concerns over the security of customer data and the effectiveness of current protection measures within retail systems.
GS Retail has advised affected customers to immediately change their account passwords and remain cautious of any suspicious communications, such as phishing attempts that could target them using the leaked data. The company emphasized the importance of monitoring for potential misuse of the exposed information, such as fraudulent phone calls or emails attempting to extract further personal details from customers.
In a statement, a GS Retail representative expressed sincere apologies for the incident, acknowledging the inconvenience and concern caused to their customers. The company assured the public that they are taking steps to strengthen their system security and prevent similar breaches in the future. The incident has served as a reminder of the critical need for enhanced cybersecurity protocols in protecting sensitive consumer information within the retail sector.
Reference:
