On November 13, 2018, the California Office of the Attorney General reported a data breach at Stein Mart, Inc. The breach involved unauthorized code added by the third-party vendor, Annex Cloud, which could have captured customer information during the checkout process between December 28, 2017, and July 9, 2018. The compromised data potentially included customer names, addresses, email addresses, payment card numbers, expiration dates, and card security codes (CVV).
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-141776
TPRM report: https://www.rankiteo.com/company/stein-mart
"id": "ste851072525",
"linkid": "stein-mart",
"type": "Breach",
"date": "12/2017",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Retail',
'name': 'Stein Mart, Inc.',
'type': 'Retail'}],
'attack_vector': 'Third-party vendor compromise',
'data_breach': {'personally_identifiable_information': ['customer names',
'addresses',
'email addresses'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['customer names',
'addresses',
'email addresses',
'payment card numbers',
'expiration dates',
'card security codes (CVV)']},
'date_detected': '2018-11-13',
'date_publicly_disclosed': '2018-11-13',
'description': 'Unauthorized code added by the third-party vendor, Annex '
'Cloud, which could have captured customer information during '
'the checkout process between December 28, 2017, and July 9, '
'2018.',
'impact': {'data_compromised': ['customer names',
'addresses',
'email addresses',
'payment card numbers',
'expiration dates',
'card security codes (CVV)']},
'references': [{'date_accessed': '2018-11-13',
'source': 'California Office of the Attorney General'}],
'title': 'Data Breach at Stein Mart, Inc.',
'type': 'Data Breach',
'vulnerability_exploited': 'Unauthorized code injection'}