Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Levi’s customers have pockets picked as cyber attack affects 72,000

Major fashion brand Levi’s has disclosed a cyber attack on its systems that could affect 72,000 customers.

user icon Daniel Croft
Wed, 26 Jun 2024
Levi’s customers have pockets picked as cyber attack affects 72,000
expand image

Levi Strauss & Co (Levi’s) issued a data breach notice to its customers saying that it had detected suspicious activity that saw threat actors attempt to access customer accounts through a credential stuffing attack.

“On June 13th, we identified an unusual spike in activity on our website. Our investigation showed characteristics associated with a ‘credential stuffing’ attack where bad actor(s) who have obtained compromised account credentials from another source (such as a third-party data breach) then use a bot attack to test these credentials against another website – in this case, www.levis.com,” the company said.

“[Levi’s] was not the source of the compromised login credentials.”

============
============

While Levi’s has said it has not detected that any fraudulent purchases to be made and that payment methods saved on accounts cannot be used to purchase items without secondary authentication, unauthorised users who successfully accessed customer accounts would have been able to access personal and financial details, including “order history, name, email, stored addresses, and, if you have saved a payment method, partial information that includes the last four digits of card number, card type and expiration date”.

Levi’s added that in response to the attack, it has deactivated the account credentials of all those affected and has deployed a password reset to some accounts.

The denim giant said that thanks to its security measures, it was able to “identify and block” the attack. It also said that an investigation into the incident allowed them to determine the nature of the incident.

“We continually evaluate and identify improvements to strengthen our website cyber security,” it said.

At the time of writing, Cyber Daily was unable to determine who the threat actor behind the incident was, or if any data had been successfully accessed.

Cyber Daily has reached out to Levi’s for additional comment.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.