Shoe Sensation, Inc.

On February 24, 2025, the Maine Office of the Attorney General disclosed a data breach affecting Shoe Sensation, Inc., originating from an unauthorized external access incident on August 12, 2024. The breach compromised the personal information of approximately 9,019 individuals, including customer names, addresses, and credit card numbers. While the exact method of intrusion remains undisclosed, the exposure of financial data (credit card details) poses a significant risk of fraudulent activity and identity theft. In response, the company offered 12 months of credit monitoring and identity theft protection services to affected individuals. The breach highlights vulnerabilities in Shoe Sensation’s cybersecurity defenses, particularly in safeguarding payment-related customer data, which is a high-value target for cybercriminals. The incident underscores the broader trend of retail sector breaches, where financial and personal data leaks can erode customer trust and trigger regulatory scrutiny. No evidence suggests ransomware involvement or broader systemic disruptions beyond the data compromise.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/ea01f9f7-7415-4a36-b5ef-bfa76ec148fd.html

TPRM report: https://www.rankiteo.com/company/shoe-sensation-inc.

"id": "sho630090125",
"linkid": "shoe-sensation-inc.",
"type": "Breach",
"date": "8/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '9,019',
                        'industry': 'Footwear',
                        'name': 'Shoe Sensation, Inc.',
                        'type': 'Retail'}],
 'attack_vector': 'Unauthorized External Access',
 'customer_advisories': 'Identity theft protection services (12 months of '
                        'credit monitoring) offered to affected individuals',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '9,019',
                 'personally_identifiable_information': ['Names', 'Addresses'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Information',
                                              'Payment Information']},
 'date_detected': '2024-08-12',
 'date_publicly_disclosed': '2025-02-24',
 'description': 'The Maine Office of the Attorney General reported a data '
                'breach involving Shoe Sensation, Inc. on February 24, 2025. '
                'The breach occurred on August 12, 2024, when unauthorized '
                'external access to their systems compromised the personal '
                'information of approximately 9,019 individuals, specifically '
                'including customer names, addresses, and credit card numbers. '
                'Identity theft protection services, including 12 months of '
                'credit monitoring, were offered to those affected.',
 'impact': {'data_compromised': ['Customer names',
                                 'Addresses',
                                 'Credit card numbers'],
            'identity_theft_risk': 'High (credit monitoring offered)',
            'payment_information_risk': 'High (credit card numbers exposed)'},
 'references': [{'date_accessed': '2025-02-24',
                 'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
                                                       'Attorney General'},
 'response': {'communication_strategy': 'Offered identity theft protection '
                                        'services (12 months of credit '
                                        'monitoring)'},
 'title': 'Shoe Sensation, Inc. Data Breach (2024)',
 'type': 'Data Breach'}