Australian Lingerie Retailer DeBra’s Allegedly Breached by Threat Actor 2019
An Australian women’s lingerie and swimwear retailer, DeBra’s, is reportedly the latest victim of a data breach, with threat actor 2019 claiming to have exfiltrated sensitive customer and order records. The breach was announced earlier this month on a notorious hacking forum, where 2019 alleged the theft of 196,800 customer records and 1.2 million order records.
The compromised data reportedly includes names, addresses, phone numbers, email addresses, loyalty program details, transaction histories, and order information. While the threat actor provided a sample to support their claim, the legitimacy of the breach has not been independently verified. Cyber Daily has contacted DeBra’s for comment but has yet to receive a response.
Threat actor 2019, active since January 2026, has recently targeted multiple Australian organizations, including MMJ Real Estate, the Melbourne International Film Festival (MIFF), the Australian Centre for the Moving Image (ACMI), and Napoleon Perdis. Notably, Services Australia denied 2019’s claim of breaching Centrelink. The group has also listed victims in the U.S., Italy, France, and New Zealand, often making stolen data available for download to facilitate financial fraud and scams.
DeBra’s operates both online and in-store, with a physical location in Penrith, NSW. The potential exposure of customer data raises concerns about identity theft and targeted phishing attacks. Further details on the breach’s impact and verification remain pending.
DeBra's cybersecurity rating report: https://www.rankiteo.com/company/debra's
MMJ Real Estate cybersecurity rating report: https://www.rankiteo.com/company/mmj-real-estate
Napoleon Perdis Cosmetics cybersecurity rating report: https://www.rankiteo.com/company/napoleon-perdis-cosmetics
"id": "DEBMMJNAP1781130260",
"linkid": "debra's, mmj-real-estate, napoleon-perdis-cosmetics",
"type": "Breach",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '196,800',
'industry': 'Lingerie and Swimwear',
'location': 'Penrith, NSW, Australia',
'name': 'DeBra’s',
'type': 'Retailer'}],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '1,396,800 (196,800 customer '
'records + 1.2 million order '
'records)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (Personally Identifiable '
'Information)',
'type_of_data_compromised': ['Names',
'Addresses',
'Phone numbers',
'Email addresses',
'Loyalty program details',
'Transaction histories',
'Order information']},
'description': 'An Australian women’s lingerie and swimwear retailer, '
'DeBra’s, is reportedly the latest victim of a data breach, '
'with threat actor 2019 claiming to have exfiltrated sensitive '
'customer and order records. The breach was announced on a '
'hacking forum, where 2019 alleged the theft of 196,800 '
'customer records and 1.2 million order records. The '
'compromised data includes names, addresses, phone numbers, '
'email addresses, loyalty program details, transaction '
'histories, and order information.',
'impact': {'brand_reputation_impact': 'Potential brand reputation damage due '
'to data exposure',
'data_compromised': '196,800 customer records and 1.2 million '
'order records',
'identity_theft_risk': 'High risk of identity theft and targeted '
'phishing attacks'},
'initial_access_broker': {'data_sold_on_dark_web': 'Likely (based on threat '
"actor's history)"},
'investigation_status': 'Pending verification',
'motivation': 'Financial Fraud, Scams',
'references': [{'source': 'Cyber Daily'}, {'source': 'Hacking Forum'}],
'threat_actor': '2019',
'title': 'Australian Lingerie Retailer DeBra’s Allegedly Breached by Threat '
'Actor 2019',
'type': 'Data Breach'}