FabFitFun, Inc. suffered a data breach between April 26, 2020, and August 3, 2020, caused by malicious code injected into its website. The incident exposed sensitive customer data, including emails, passwords, and payment information, though the exact number of affected individuals remains undisclosed (marked as *UNKN*). The breach highlights vulnerabilities in the company’s web security, which allowed unauthorized access to personal and financial details. Such exposure increases the risk of identity theft, fraudulent transactions, and phishing attacks targeting customers. The breach underscores the critical need for robust cybersecurity measures, particularly for e-commerce platforms handling payment data. While no ransomware was reported, the compromise of payment information elevates the severity due to potential financial harm to customers and reputational damage to the company.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-194225
TPRM report: https://www.rankiteo.com/company/fabfitfun
"id": "fab002091825",
"linkid": "fabfitfun",
"type": "Breach",
"date": "4/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'UNKN',
                        'industry': 'E-commerce / Subscription Box',
                        'location': 'California, USA',
                        'name': 'FabFitFun, Inc.',
                        'type': 'Company'}],
 'attack_vector': 'Malicious Code on Website',
 'data_breach': {'number_of_records_exposed': 'UNKN',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Emails',
                                              'Passwords',
                                              'Payment Information']},
 'description': 'The California Office of the Attorney General reported that '
                'FabFitFun, Inc. experienced a data breach affecting personal '
                'information between April 26, 2020, and August 3, 2020. The '
                'breach involved malicious code on their website, potentially '
                'exposing customer emails, passwords, and payment information '
                'for approximately UNKN individuals.',
 'impact': {'data_compromised': ['Emails', 'Passwords', 'Payment Information'],
            'identity_theft_risk': 'Potential',
            'payment_information_risk': 'Potential',
            'systems_affected': ['Website']},
 'initial_access_broker': {'entry_point': 'Website (Malicious Code)'},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'title': 'FabFitFun Data Breach (2020)',
 'type': 'Data Breach'}