On May 18, 2018, Bombas, LLC suffered a data breach stemming from malware infiltrating its e-commerce platform. The incident exposed the personal and financial information of approximately 41,000 customers who conducted transactions between September 1, 2013, and February 9, 2015. Compromised data included names, addresses, and credit card details, all accessed without authorization. The breach was disclosed by the California Office of the Attorney General, highlighting vulnerabilities in the company’s payment processing system. While the exact duration of the malware’s presence remains undisclosed, the exposure period spanned over 17 months, raising concerns about prolonged undetected access. The breach did not involve ransomware demands or broader systemic disruptions but focused specifically on customer payment data, posing risks of fraud and identity theft. Bombas cooperated with authorities post-discovery, though the long-term repercussions, such as potential financial fraud for affected individuals or reputational harm to the brand, remain unresolved.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-136345
TPRM report: https://www.rankiteo.com/company/bombas
"id": "bom724082025",
"linkid": "bombas",
"type": "Breach",
"date": "9/2013",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '41,000',
                        'industry': 'E-commerce / Apparel',
                        'location': 'United States (California)',
                        'name': 'Bombas, LLC',
                        'type': 'Private Company'}],
 'attack_vector': 'Malware on e-commerce platform',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '41,000',
                 'personally_identifiable_information': 'Yes (names, addresses)',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['personal information',
                                              'payment information']},
 'date_detected': '2018-05-18',
 'description': 'The California Office of the Attorney General reported that Bombas, LLC experienced a data breach on May 18, 2018, affecting approximately 41,000 customers who made credit card purchases from September 1, 2013, to February 9, 2015. The breach involved unauthorized access to personal information such as names, addresses, and credit card details due to malware on an e-commerce platform.',
 'impact': {'data_compromised': ['names', 'addresses', 'credit card details'],
            'identity_theft_risk': 'High (credit card details exposed)',
            'payment_information_risk': 'High (credit card details exposed)',
            'systems_affected': ['e-commerce platform']},
 'post_incident_analysis': {'root_causes': 'Malware infection on e-commerce platform'},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'California Office of the Attorney General'},
 'response': {'law_enforcement_notified': 'Yes (California Office of the Attorney General)'},
 'title': 'Bombas, LLC Data Breach (2018)',
 'type': 'Data Breach'}