The California Office of the Attorney General reported a data breach involving Recreational Equipment Inc. (REI) on July 31, 2014. The breach occurred between July 4 and July 18, 2014, due to unauthorized access by a third party who obtained user credentials from an unrelated site. Approximately 3 accounts were specifically mentioned being affected, and the compromised information included billing and shipping addresses, order history, and dividend amounts.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-46094
TPRM report: https://scoringcyber.rankiteo.com/company/rei
"id": "rei350072825",
"linkid": "rei",
"type": "Breach",
"date": "7/2014",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': 3,
'industry': 'Retail',
'name': 'Recreational Equipment Inc. (REI)',
'type': 'Retail'}],
'attack_vector': 'Unauthorized Access',
'data_breach': {'number_of_records_exposed': 3,
'type_of_data_compromised': ['billing and shipping addresses',
'order history',
'dividend amounts']},
'date_detected': '2014-07-31',
'date_publicly_disclosed': '2014-07-31',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Recreational Equipment Inc. (REI) on July '
'31, 2014. The breach occurred between July 4 and July 18, '
'2014, due to unauthorized access by a third party who '
'obtained user credentials from an unrelated site. '
'Approximately 3 accounts were specifically mentioned being '
'affected, and the compromised information included billing '
'and shipping addresses, order history, and dividend amounts.',
'impact': {'data_compromised': ['billing and shipping addresses',
'order history',
'dividend amounts']},
'references': [{'date_accessed': '2014-07-31',
'source': 'California Office of the Attorney General'}],
'threat_actor': 'Third Party',
'title': 'REI Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'User Credentials from an Unrelated Site'}