In April 2018, W.W. Grainger, Inc. disclosed a data breach that occurred between **September 26, 2017, and October 12, 2017**, involving unauthorized access to its online payment system. The incident exposed sensitive customer payment details, including **credit card numbers, security codes, expiration dates, names, and addresses** of individuals who made transactions on Grainger’s website during the affected period. The breach was reported to the **California Office of the Attorney General**, highlighting the compromise of financial data linked to customer purchases. While the exact number of affected individuals was not specified in the report, the exposure of full payment card information posed a significant risk of **fraudulent transactions, identity theft, and financial losses** for customers. The breach did not involve broader personal data leaks (e.g., Social Security numbers or internal employee records) but focused primarily on **credit card-related fraud risks**. Grainger likely faced reputational damage and potential regulatory scrutiny due to the failure to protect customer financial data during the breach window.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-135471
TPRM report: https://www.rankiteo.com/company/w.w.-grainger
"id": "w.w1021090725",
"linkid": "w.w.-grainger",
"type": "Breach",
"date": "9/2017",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Industrial Supply',
'location': 'United States (Illinois)',
'name': 'W.W. Grainger, Inc.',
'type': 'Corporation'}],
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': ['names', 'addresses'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['payment card data',
'personally identifiable '
'information (PII)']},
'date_publicly_disclosed': '2018-04-20',
'description': 'The California Office of the Attorney General reported that '
'W.W. Grainger, Inc. experienced a data breach involving '
'unauthorized access to credit card information. The breach '
'occurred between September 26, 2017, and October 12, 2017, '
'potentially affecting customers who entered credit card '
"details on Grainger's website. The compromised information "
'includes credit card numbers, security codes, expiration '
'dates, names, and addresses.',
'impact': {'data_compromised': ['credit card numbers',
'security codes',
'expiration dates',
'names',
'addresses'],
'identity_theft_risk': 'High (credit card and PII exposed)',
'payment_information_risk': 'High (full credit card details '
'exposed)',
'systems_affected': ["Grainger's website"]},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'title': 'W.W. Grainger, Inc. Data Breach (2017)',
'type': 'Data Breach'}