Call Now 888.400.5530

ITRC-logo-color-final
Search
Close this search box.

Credential Stuffing Leads to J. Crew Data Breach

Date: 03/18/2020

There are a variety of ways that hackers can infiltrate a company’s network and steal users’ information. J. Crew Group, a clothing retailer with various online retail shopping sites and nearly 500 brick-and-mortar stores, recently announced that it had discovered a J. Crew data breach of the company’s servers in April of 2019, and has traced the breach back to a tactic known as credential stuffing.

Credential stuffing is a growing problem and has exploded since 2018, mostly because the necessary information is available for sale online and anyone with a little bit of know-how can do it. It can happen when anyone reuses their email addresses and password on multiple accounts. According to the Identity Theft Resource Center’s 2019 Data Breach Report, 83 percent of people use the same password for more than one account. If your information is ever stolen in a data breach and you have used that same username and password combination on other websites or apps, a hacker who accessed your stolen information—or someone who buys your stolen information on the Dark Web—can test out your credentials on other sites.

J. Crew’s investigation found that information such as names, billing and shipping addresses and the last four digits of stored payment cards were accessed in the J. Crew data breach by outsiders who relied on this method of breaking in. Other details were compromised, but nothing permanent like birthdates or Social Security numbers.

This is just one of many reasons why it is important to establish strong, unique passwords on all of your accounts, no matter how sensitive or inconsequential they may seem.

The company has completed a forced password reset and issued data breach notification letters. Anyone whose information was exposed in the J. Crew data breach can also contact the Identity Theft Resource Center’s toll-free number at 888.400.5530 or via the website’s live chat feature to speak with an expert advisor if they need more information. This resource can also help you come up with actionable steps if you need them.

In this or other data breaches, ITRC’s free ID Theft Help App can help you too. Simply download it from your device’s preferred app store in order to keep tabs on your specific incident and monitor what actions you have taken. You can even reach out to the ITRC for assistance directly through the app.

You might also like…

How much information are you putting out there? It’s probably too much. To help you stop sharing Too Much Information, sign up for the In the Loop.

notified-ad.png

Get ID Theft News

Stay informed with alerts, newsletters, and notifications from the Identity Theft Resource Center

notified-ad.png
© Copyright 2024- Identity Theft Resource Center

This product was produced by the ITRC under 2018-V3-GX-K007, awarded by the Office for Victims of Crime, Office of Justice Programs, U.S. Department of Justice. The opinions, findings, and conclusions or recommendations expressed in product are those of the contributors and do not necessarily represent the official position or policies of the U.S. Department of Justice. View more about our copyright info here.