Asda

A vulnerability in the online grocery store of Asda, the second-largest supermarket in the UK, exposed customers’ personal information and payment details for nearly two years.

Over 19 million transactions were at risk of getting hacked in that period.

Asda fixed the vulnerability shortly after Mr Moore published a detailed blog after 677 days to report the vulnerability.

Source: https://blog.itgovernance.co.uk/blog/asda-website-leaves-customer-details-vulnerable-for-677-days

"id": "ASD18386522",
"linkid": "asdareimagineretail",
"type": "Vulnerability",
"date": "01/2016",
"severity": "90",
"impact": "5",
"explanation": "Attack threatening the organization's existence"