Posted on behalf of Arnold Law Firm
on July 22, 2020 in Data Breach Updated on June 16, 2022
If you received notice from Claire’s Stores that your personal information may have been compromised as a result of a Data Incident that occurred between April 7, 2020, and June 12, 2020, the United States District Court for the Northern District of Illinois (Eastern Division) has preliminarily approved a class action settlement that may affect your legal rights. You can submit claims at:https://cyberattacklitsettlement.com/
On June 12, 2020, fashion accessory retailer Claire’s identified unauthorized computer code present on its website for nearly two months. The malicious code was designed to obtain confidential information entered by customers during the checkout process and forward that data to an outside server.
Purchases made in Claire’s retail store locations reportedly were not involved.
According to security company Sansec, a malicious site “claires-assets.com” was registered by an anonymous party the day after Claire’s closed its 3,000 worldwide stores due to COVID-19. The shutdown created a prime opportunity for a Magecart cyber-attack in anticipation of the resulting surge in online traffic.
Magecart is malware for online skimming which allows hackers to steal transaction information entered during the purchase. Reportedly, the code was placed directly on Claire’s servers, and the skimmer was attached to the submit button of the checkout form.
When the shopping cart purchase button is clicked, Magecart grabs an image of the transaction and sends it to the hacker’s server. Hackers know that image file requests are less likely to be monitored by security systems.
Personal information at risk of compromise was entered during the checkout process, including:
First and last names
Addresses
Email addresses
Phone numbers
Payment card numbers
Expiration dates
Card verification codes
Gift card numbers
PINs (for new accounts opened with the purchase)
Passwords (for new accounts opened with the purchase)
According to Claire’s, the data breach started on April 7, 2020, continuing intermittently through June 12, 2020, however Sansec believes the skimming may have begun as early as March 20, 2020. Claire’s also claims there were multiple spans during this time period when purchase data may not have been scraped because of new code deployments.
Claire’s claims to have identified specific transactions involved and has notified the customers who placed an order when the added code was present. They are offering affected customers one year of internet surveillance and identity theft insurance services and have taken measures to reinforce the security of their site.
Customers are encouraged to closely review payment card account statements for any unauthorized charges. If you are unsure whether your data may have been compromised, Claire’s has established a dedicated call center, which can be reached by calling 1-844-951-2879.
Established in 1961, Claire’s is a leading specialty retailer of accessories, cosmetics, and jewelry primarily for girls, tweens, and teens, operating 2,220 stores throughout North America and Europe with additional concession locations and franchised stores worldwide. Claire’s also offers more sophisticated merchandise designed for young women through its 200 Icing brand stores.
The Illinois-based company employs nearly 19,000 and has estimated annual revenues of $1.3 billion. Claire’s is owned by Apollo Global Management, LLC, a global alternative investment manager firm that specializes in investing across credit, private equity, and real assets.
If you received notice from Claire’s Stores that your personal information may have been compromised as a result of a Data Incident that occurred between April 7, 2020, and June 12, 2020, the United States District Court for the Northern District of Illinois (Eastern Division) has preliminarily approved a class action settlement that may affect your legal rights. You can submit claims at:https://cyberattacklitsettlement.com/
Mahul did a really good job. His been very helpful and was able to meet the client's need. His turn time was quick and very reliable. I am happy with the outcome. :)Happy client. I recommend Mahul and the team for the job well done.
I spoke to Stephanie regarding a possible case. It wasn't something they could take but she was very knowledgeable and helped send me in the right direction.
Truly great people. A great team and amazing effort. They moved very fast with my case and made sure I was alert every step of the way. They are also very welcoming and very comforting in hard times. I would strongly recommend this firm.
I want to sing praise for Mrs Frances Siria @ Arnold Law Firm. She is an amazing asset to your company, very professional and such a pleasure to have worked with…..
I can’t say enough about Mrs. Siria 😃
If I could give 6 ⭐️ ⭐️ ⭐️ ⭐️ ⭐️ ⭐️ I would!
I love my Team Tony! Joy and Larisa are the absolute best! They've helped me emotionally and physically, and they were always there for me when I needed someone to talk to. They definitely walked me through my problems and helped me understand everything every step of the way. I would 100% recommend them!!! Tony has the best support that I could have ever asked for. They are kind, extremely knowledgeable, and approachable. I could not thank them enough! Please give them a try.