Clothing giant J.Crew said an unknown number of customers had their online accounts accessed “by an unauthorized party” almost a year ago, but is only now disclosing the incident. The company said in a filing on Tuesday with the California attorney general that the hacker gained access to the customer accounts in or around April 2019. According to the letter, the hacker obtained information found in customers’ online accounts — including card types, the last four digits of card payment numbers, expiration dates and associated billing addresses. Online accounts also store customer order numbers, shipping confirmation numbers and shipment statuses.
Source: Tech Crunch