Breach cyber

Bombas LLC

Sep 1, 2014 2 min read
Bombas LLC

The California Office of the Attorney General disclosed a data breach affecting Bombas LLC, a direct-to-consumer apparel company. The incident occurred between September 27, 2014, and February 25, 2015, but was only reported on August 31, 2018. The breach exposed personal customer data, including names, addresses, and credit card information, though the exact number of affected individuals remains undisclosed (labeled as 'UNKN' in reports).The compromised data suggests a financial and reputational risk, as payment details were accessed, potentially enabling fraudulent transactions or identity theft. While the breach did not involve ransomware or a full-scale system takeover, the prolonged exposure period (nearly five months) raises concerns about the company’s cybersecurity posture at the time. Customers were notified years after the initial compromise, further amplifying reputational damage due to delayed transparency.The incident aligns with patterns seen in e-commerce data breaches, where third-party vulnerabilities or insufficient safeguards lead to unauthorized access. No evidence suggests the attack escalated to operational disruptions or broader systemic threats, but the leak of payment data remains a critical failure in protecting customer trust.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-139516

TPRM report: https://www.rankiteo.com/company/bombas

"id": "bom726082025",
"linkid": "bombas",
"type": "Breach",
"date": "9/2014",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'UNKN',
                        'industry': 'Apparel & Fashion',
                        'location': 'United States (California)',
                        'name': 'Bombas LLC',
                        'type': 'Company'}],
 'customer_advisories': 'Notifications sent to affected individuals via the '
                        'California Office of the Attorney General',
 'data_breach': {'number_of_records_exposed': 'UNKN',
                 'personally_identifiable_information': ['names', 'addresses'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['personal information',
                                              'payment information']},
 'date_publicly_disclosed': '2018-08-31',
 'description': 'The California Office of the Attorney General reported a data '
                'breach involving Bombas LLC. The breach occurred between '
                'September 27, 2014, and February 25, 2015, potentially '
                'exposing personal information such as names, addresses, and '
                'credit card information for affected customers. Approximately '
                'UNKN individuals were notified about the breach.',
 'impact': {'data_compromised': ['names',
                                 'addresses',
                                 'credit card information'],
            'identity_theft_risk': 'Potential',
            'payment_information_risk': 'High'},
 'references': [{'date_accessed': '2018-08-31',
                 'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'California Office of '
                                                       'the Attorney General'},
 'response': {'communication_strategy': 'Customer notifications via California '
                                        'Office of the Attorney General'},
 'title': 'Bombas LLC Data Breach (2014-2015)',
 'type': 'Data Breach'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.