Data Leak Exposes 3.5 Million Customer Records at Australian Fashion Retailer SABO

A recent data breach has compromised the personal information of over 3.5 million customers of SABO, a globally recognized fashion and design company based in Australia. Security researcher Jeremiah Fowler discovered the breach, which involved an unsecured database containing a staggering 292 GB of sensitive customer data. The findings, reported by vpnMentor and published on HackRead.com, reveal that the records included personally identifiable information (PII) such as customer names, addresses, phone numbers, and detailed order histories.

The scale of the exposure is alarming: nearly 3,587,960 individual records, including invoices and packing slips, dating as far back as 2015. These records contained not only personal identification details but also intricate order details for retail and commercial customers. Samples from the exposed database show detailed invoices, raising concerns about how such a vast array of personal data was left vulnerable.

The risk to customers remains significant. It is currently unclear whether the database was managed by SABO itself or by a third-party service. Regardless, the lack of encryption and protection on sensitive data heightens the risk of targeted cyberattacks, phishing emails, and social engineering scams that can deceive individuals into providing more confidential information.

Cybersecurity experts warn that the exposed data could facilitate unauthorized financial transactions and account theft, as criminals may leverage the exposed PII. SABO secured the database following Fowler’s responsible disclosure. Even so, the incident underscores the urgent need for rigorous data protection protocols, including the implementation of stronger encryption and verification systems to safeguard customer information.