In mid-November, Sam’s Club reported a data breach in which unauthorized individuals gained access to customer accounts using credentials likely obtained from an external source. The incident exposed sensitive personal information, including names, phone numbers, postal addresses, and payment card details. While the exact number of affected customers remains undisclosed, the breach poses significant risks such as identity theft, financial fraud, and reputational damage. The compromised payment card data could lead to fraudulent transactions, while the exposure of personal details increases the likelihood of targeted phishing or social engineering attacks. The breach underscores weaknesses in credential security and the potential for cascading harm when credentials obtained elsewhere are reused across platforms. Customers are advised to monitor their accounts for suspicious activity and update their login credentials to mitigate further risks.
TPRM report: https://www.rankiteo.com/company/sam's-club
"id": "sam021091825",
"linkid": "sam's-club",
"type": "Breach",
"date": "11/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{
    'affected_entities': [
        {
            'customers_affected': 'Unknown',
            'industry': 'Retail / Wholesale',
            'name': 'Sam’s Club',
            'type': 'Retailer',
        }
    ],
    'attack_vector': 'Credential Stuffing / Account Takeover',
    'data_breach': {
        'number_of_records_exposed': 'Unknown',
        'personally_identifiable_information': True,
        'sensitivity_of_data': 'High (includes PII and payment details)',
        'type_of_data_compromised': [
            'Personally Identifiable Information (PII)',
            'Payment Card Information',
        ],
    },
    'description': 'In mid-November, unauthorized access to Sam’s Club customer accounts occurred using login credentials likely obtained from another source. The breach may have compromised personal information such as names, phone numbers, postal addresses, and payment card details, but the number of affected individuals is unknown.',
    'impact': {
        'data_compromised': [
            'Names',
            'Phone Numbers',
            'Postal Addresses',
            'Payment Card Details',
        ],
        'identity_theft_risk': 'Potential (due to PII exposure)',
        'payment_information_risk': 'Potential (payment card details exposed)',
    },
    'initial_access_broker': {
        'entry_point': 'Compromised credentials (likely from another source)',
    },
    'title': 'Sam’s Club Unauthorized Account Access Incident',
    'type': 'Data Breach / Unauthorized Access',
}