Posted on behalf of Arnold Law Firm
on July 22, 2020 in Data Breach Updated on June 16, 2022
If you received notice from Claire’s Stores that your personal information may have been compromised as a result of a Data Incident that occurred between April 7, 2020, and June 12, 2020, the United States District Court for the Northern District of Illinois (Eastern Division) has preliminarily approved a class action settlement that may affect your legal rights. You can submit claims at:https://cyberattacklitsettlement.com/
On June 12, 2020, fashion accessory retailer Claire’s identified unauthorized computer code present on its website for nearly two months. The malicious code was designed to obtain confidential information entered by customers during the checkout process and forward that data to an outside server.
Purchases made in Claire’s retail store locations reportedly were not involved.
According to security company Sansec, a malicious site “claires-assets.com” was registered by an anonymous party the day after Claire’s closed its 3,000 worldwide stores due to COVID-19. The shutdown created a prime opportunity for a Magecart cyber-attack in anticipation of the resulting surge in online traffic.
Magecart is malware for online skimming which allows hackers to steal transaction information entered during the purchase. Reportedly, the code was placed directly on Claire’s servers, and the skimmer was attached to the submit button of the checkout form.
When the shopping cart purchase button is clicked, Magecart grabs an image of the transaction and sends it to the hacker’s server. Hackers know that image file requests are less likely to be monitored by security systems.
Personal information at risk of compromise was entered during the checkout process, including:
First and last names
Addresses
Email addresses
Phone numbers
Payment card numbers
Expiration dates
Card verification codes
Gift card numbers
PINs (for new accounts opened with the purchase)
Passwords (for new accounts opened with the purchase)
According to Claire’s, the data breach started on April 7, 2020, continuing intermittently through June 12, 2020, however Sansec believes the skimming may have begun as early as March 20, 2020. Claire’s also claims there were multiple spans during this time period when purchase data may not have been scraped because of new code deployments.
Claire’s claims to have identified specific transactions involved and has notified the customers who placed an order when the added code was present. They are offering affected customers one year of internet surveillance and identity theft insurance services and have taken measures to reinforce the security of their site.
Customers are encouraged to closely review payment card account statements for any unauthorized charges. If you are unsure whether your data may have been compromised, Claire’s has established a dedicated call center, which can be reached by calling 1-844-951-2879.
Established in 1961, Claire’s is a leading specialty retailer of accessories, cosmetics, and jewelry primarily for girls, tweens, and teens, operating 2,220 stores throughout North America and Europe with additional concession locations and franchised stores worldwide. Claire’s also offers more sophisticated merchandise designed for young women through its 200 Icing brand stores.
The Illinois-based company employs nearly 19,000 and has estimated annual revenues of $1.3 billion. Claire’s is owned by Apollo Global Management, LLC, a global alternative investment manager firm that specializes in investing across credit, private equity, and real assets.
If you received notice from Claire’s Stores that your personal information may have been compromised as a result of a Data Incident that occurred between April 7, 2020, and June 12, 2020, the United States District Court for the Northern District of Illinois (Eastern Division) has preliminarily approved a class action settlement that may affect your legal rights. You can submit claims at:https://cyberattacklitsettlement.com/
I really love that law firm. They were on their job. They took care of me very well, and I highly recommend that law firm for any of your doings. I just wanna thank Josh and his crew for helping me all that they have. Done for me and my family.
Thank you to the Staff at Arnold Law Firm! This was my 3rd time using their services for different needs. Each time has been a smooth, honest and professional experience. They have provided me with guidance & consulting services to reach a positive outcome. Each time I have been pleasantly surprised! Thank you Arnold Law Firm! 🤗
A very special Thank You to Sal, Dominic & Jeff! 🤗🤗🤗
They always keep me up to date on my case. I also felt it was done in a timely manner!
Arnold Law firm provided me with an amazing experience. They were super communicative and assisted me with any needs or questions that I had during my journey to recovery and through financial hardship due to my car accident. I was hit by an uninsured motorist and would have been completely overwhelmed by all of the bills, paperwork, insurance nuances, and legal action needed. Jesus Garcia was an absolute pleasure to work with and I couldn’t be happier with the results.
Met with a lawyer who is taking care of my wife's potential lawsuit. He was nice and his assistant is really on top of things.I'd recommend them if you need representation. No upfront costs and reasonable expectations when suit is settled.