Threat Actor: $udo | $udo
Victim: Puregold | Puregold
Price: Not specified
Exfiltrated Data Type: Customer records, transaction data, operational data
Key Points :
- Over 130,000 customer records allegedly compromised.
- Data leaked includes full names, billing and shipping addresses, and email addresses.
- Transaction details such as purchase points, dates, amounts, and statuses were exposed.
- Internal operational data including order processing and logistics information was also leaked.
- The threat actor shared screenshots of Puregold’s internal database to demonstrate the breach.
- Customers are advised to change passwords and monitor for suspicious activity.
- Puregold is urged to enhance cybersecurity measures and address the breach publicly.
Manila, Philippines – Puregold, one of the leading retailers in the Philippines, has allegedly fallen victim to a data breach, with the threat actor “$udo” claiming that over 130,000 customer records have been compromised.
The attacker took responsibility for the breach and leaked sensitive customer data on their Telegram channel, showcasing vulnerabilities in Puregold’s e-commerce system. The exposed information includes a wide range of customer details, raising serious concerns about the security of the company’s infrastructure.
Among the compromised data are personal details such as full names, billing and shipping addresses, as well as email addresses, which could expose customers to phishing attempts and fraud. Additionally, transaction data such as purchase points (whether in-store or online), purchase dates, total transaction amounts, and statuses were leaked. Shipping and handling information, along with payment methods, were also part of the breach, although specific financial details like credit card numbers were not confirmed to be part of the leak. Loyalty program information, including PERKS/TNAP card numbers and redeemed points, was also compromised, further affecting customers’ accounts.
The breach also exposes internal operations at Puregold, with details on order processing and logistics such as picker and packer information, and timestamps for order pickups. This exposure of operational data not only puts customer information at risk but also highlights the potential vulnerabilities in the retailer’s internal systems.
“$udo” claimed that the breach impacted over 130,000 records, though the exact number of compromised accounts has yet to be confirmed by Puregold. To demonstrate the severity of the breach, “$udo” shared screenshots of Puregold’s internal database on their Telegram channel.
In response to this incident, it is recommended that affected customers immediately change their passwords and monitor for suspicious activity or phishing attempts. Puregold should also take urgent action, including publicly addressing the breach, enhancing their cybersecurity measures, and potentially offering identity theft protection services to affected customers. While the full extent of the breach is still being assessed, this incident underscores the importance of robust cybersecurity protocols for businesses that handle sensitive customer information.