Security News > 2021 > June > Baby Clothes Giant Carter’s Leaks 410K Customer Records

Baby clothes retailer Carter's inadvertently exposed the personal data of hundreds of thousands of its customers, dating back years, according to a new disclosure.

The Linc system was delivering customers shortened URLs with Carter's purchase and shipping details without basic security protections.

The analysts calculated that more than 410,000 records, and hundreds of thousands of customer records, were exposed in the leak - which they estimated dates as far back as 2015.

This kind of granular customer data could be used by threat actors in a fraudulent phishing campaign appearing to be from Carter's, to scam victims into giving up even more sensitive data, like credit-card information.

"For more recent orders, hackers could simply ring up a Carter's customer to discuss purchases made and pose as couriers or customer support, building rapport with the target and ensnaring in criminal schemes," the vpnMentor researchers warned.

Carter's, which accounts for 25 percent of the total $3 billion baby apparel market, was not able to be reached for comment.

News URL

https://threatpost.com/baby-clothes-carters-leaks-customer-records/166866/