Claire’s Data Breach

If you received notice from Claire’s Stores that your personal information may have been compromised as a result of a Data Incident that occurred between April 7, 2020, and June 12, 2020, the United States District Court for the Northern District of Illinois (Eastern Division) has preliminarily approved a class action settlement that may affect your legal rights. You can submit claims at: https://cyberattacklitsettlement.com/

cyber-attack-colorfulOn June 12, 2020, fashion accessory retailer Claire’s identified unauthorized computer code present on its website for nearly two months. The malicious code was designed to obtain confidential information entered by customers during the checkout process and forward that data to an outside server.

Purchases made in Claire’s retail store locations reportedly were not involved.

According to security company Sansec, a malicious site “claires-assets.com” was registered by an anonymous party the day after Claire’s closed its 3,000 worldwide stores due to COVID-19. The shutdown created a prime opportunity for a Magecart cyber-attack in anticipation of the resulting surge in online traffic.

Magecart is malware for online skimming which allows hackers to steal transaction information entered during the purchase. Reportedly, the code was placed directly on Claire’s servers, and the skimmer was attached to the submit button of the checkout form.

When the shopping cart purchase button is clicked, Magecart grabs an image of the transaction and sends it to the hacker’s server. Hackers know that image file requests are less likely to be monitored by security systems.

Personal information at risk of compromise was entered during the checkout process, including:

  • First and last names
  • Addresses
  • Email addresses
  • Phone numbers
  • Payment card numbers
  • Expiration dates
  • Card verification codes
  • Gift card numbers
  • PINs (for new accounts opened with the purchase)
  • Passwords (for new accounts opened with the purchase)

According to Claire’s, the data breach started on April 7, 2020, continuing intermittently through June 12, 2020, however Sansec believes the skimming may have begun as early as March 20, 2020. Claire’s also claims there were multiple spans during this time period when purchase data may not have been scraped because of new code deployments.

Claire’s claims to have identified specific transactions involved and has notified the customers who placed an order when the added code was present. They are offering affected customers one year of internet surveillance and identity theft insurance services and have taken measures to reinforce the security of their site.

Customers are encouraged to closely review payment card account statements for any unauthorized charges. If you are unsure whether your data may have been compromised, Claire’s has established a dedicated call center, which can be reached by calling 1-844-951-2879.

Established in 1961, Claire’s is a leading specialty retailer of accessories, cosmetics, and jewelry primarily for girls, tweens, and teens, operating 2,220 stores throughout North America and Europe with additional concession locations and franchised stores worldwide. Claire’s also offers more sophisticated merchandise designed for young women through its 200 Icing brand stores.

The Illinois-based company employs nearly 19,000 and has estimated annual revenues of $1.3 billion. Claire’s is owned by Apollo Global Management, LLC, a global alternative investment manager firm that specializes in investing across credit, private equity, and real assets.

If you received notice from Claire’s Stores that your personal information may have been compromised as a result of a Data Incident that occurred between April 7, 2020, and June 12, 2020, the United States District Court for the Northern District of Illinois (Eastern Division) has preliminarily approved a class action settlement that may affect your legal rights. You can submit claims at: https://cyberattacklitsettlement.com/