The Children's Place database hacked; email addresses exposed
Retail store chain The Children's Place is notifying customers that an unauthorized third party accessed its email address database. The company said in a statement that no personal information, other than email addresses, was obtained, and that the data was stored with an external email service provider.
Unauthorized emails sent to customers afterwards claimed to be selling Adobe software upgrades in order to obtain credit-card information, according to media reports. Reuters reported that the email directed customers to a website where they were asked to enter credit card information.
The Secaucus, NJ-based retailer said in a statement that it is taking steps to prevent this from occurring in the future.
Experian CheetahMail said in a statement that it identified an incident “in which someone used a valid client user ID and password to gain access to the client's email account and transmit an unauthorized and unlawful email.”
However, the service provider also noted that it has “no evidence that any CheetahMail computer system was hacked. There was no data breach, data loss or download; someone used authorized client credentials to gain access to our email system.”
The company said it is investigating the incident.
The Children's Place breach is similar to the Epsilon database breach that occurred earlier this month. Unauthorized persons accessed the data of 2% of Epsilon's total customer base.
The retailer did not immediately return requests seeking comment.