Havenly, Inc.

The California Office of the Attorney General disclosed a data breach affecting Havenly, Inc. on August 31, 2020, stemming from unauthorized access to a company database. The incident, believed to have occurred on June 25, 2020, exposed usernames and hashed passwords of users. While the breach compromised login credentials, it did not involve more sensitive data such as full credit card numbers, billing addresses, or other personally identifiable financial information. The exposure of hashed passwords though not plaintext still poses a risk of credential-stuffing attacks or account takeovers if users reused passwords across platforms. The company likely faced reputational damage and potential regulatory scrutiny under data protection laws, though the financial or operational impact appeared limited to authentication-related risks. No evidence suggested the breach escalated to broader data exfiltration or direct financial fraud against affected users.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-193576

TPRM report: https://www.rankiteo.com/company/havenlybrands

"id": "hav033090625",
"linkid": "havenlybrands",
"type": "Breach",
"date": "6/2020",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"

{'affected_entities': [{'industry': 'Interior Design / E-commerce',
                        'location': 'California, USA',
                        'name': 'Havenly, Inc.',
                        'type': 'Company'}],
 'data_breach': {'data_encryption': 'Yes (passwords were hashed)',
                 'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'No (usernames only, '
                                                        'no full PII like '
                                                        'credit card numbers '
                                                        'or billing addresses)',
                 'sensitivity_of_data': 'Moderate (hashed credentials)',
                 'type_of_data_compromised': ['usernames', 'hashed passwords']},
 'date_detected': '2020-06-25',
 'date_publicly_disclosed': '2020-08-31',
 'description': 'The California Office of the Attorney General reported a data '
                'breach involving Havenly, Inc. on August 31, 2020, related to '
                'unauthorized access to a database containing usernames and '
                'hashed passwords. The breach is believed to have occurred on '
                'June 25, 2020, affecting user names and hashed passwords, but '
                'not full credit card numbers or billing addresses.',
 'impact': {'data_compromised': ['usernames', 'hashed passwords'],
            'identity_theft_risk': 'Low (hashed passwords only)',
            'payment_information_risk': 'None (no full credit card numbers or '
                                        'billing addresses compromised)',
            'systems_affected': ['database']},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'title': 'Havenly, Inc. Data Breach (2020)',
 'type': 'Data Breach'}

Havenly, Inc.

Pax8: Cloud marketplace Pax8 accidentally exposes data on 1,800 MSP partners

Dell: Alleged Dell data compromise raises skepticism

Free Mobile: French data regulator fines telco subsidiaries $48 million over data breach