- The data of approximately 36,000 customers were reportedly exposed.
- The data leak reportedly came in retaliation to C&A's use of job seeker data to create gift cards and meet their card creation targets, Tecmundo reported.
Global fashion retail chain C&A has suffered a data breach affecting its gift card platform in Brazil. A hacker going by the name @joshua from the Fatal Error Crew group published the data of customers who purchased gift cards online on Pastebin.
Compromised data included ID numbers, email addresses, order number, date of purchase and the amount loaded into the cards.
Approximately 36,000 customers were impacted by the incident, Tecmundo reported. According to the local technology news website, the incident was reportedly in response to the company's use of job seeker data to create gift cards and meet their card creation targets.
The Fatal Error Crew also noted that customers' personal information was not posted to Pastebin.
"We will not distribute any personal information on the internet since we do not endorse financial crimes," the group said, Tecmundo reported. "Customer data is secure, the few published GiftCards were in the return section, so they would be discarded."
C&A confirmed the intrusion in an official statement saying it detected a "cyberattack movement" targeting its gift card and exchange system last week. In response, the firm said it quickly implemented its contingency plan and legal proceedings to address the issue.
The company added that it does not use personal data for any unauthorized purposes.
"We reiterate our commitment to ethics and respect to the laws and that we work to offer the best possible experience to our customers, and that includes the online environment," the company said in a statement.