Retailer Data Breaches in 2018: Was Your Favorite Store Hacked?

Find out which retail chains have been hit and where you can go for help to protect yourself from identity theft, scams and financial fraud.

Open security lock on credit cards with computer keyboard / Credit card data breach
(Image credit: weerapatkiatdumrong)

Corporate data breaches are becoming all too common. Last year, several high-profile companies including Chipotle, Equifax and Uber fell victim to computer incursions. In 2018, popular retailers are being targeted by hackers -- stores where you've shopped, paid with credit cards and handed over personal information to register for loyalty programs.

The list of big-name retailers that have reported data breaches in 2018 continues to grow. That means millions of shoppers' names, addresses, emails, credit cards, passwords, or other personal and financial information potentially have already been compromised. Here's a closer look at several recent retailer data breaches including details on where you can go for help to protect your identity and credit.

Retailer Data Breaches in 2018

Swipe to scroll horizontally
CompanyMonth ReportedData Breach DetailsFor More Info.
Orbitz (opens in new tab)MarchA reported 880,000 users' personal information -- including full names, credit card numbers, phone numbers, and e-mail and street addresses -- was compromised.The company is offering affected customers free credit monitoring and identity protection. Call 1-855-828-3959 or go to orbitz.allclearid.com (opens in new tab).
Under Armour (opens in new tab)MarchAn unauthorized third party gained access to personal information from 150 million users' of the company's MyFitnessPal app. Compromised data included e-mail addresses and hashed passwords, but not Social Security or driver’s license numbers.Go to MyFitnessPal Account Security Issue: FAQs (opens in new tab)
Best Buy (opens in new tab)AprilThe electronics retailer stated that [24]7.ai, a third party chat service provider it uses to communicate with online customers, suffered an intrusion that compromised customer payment information.Best Buy will contact affected customers directly. Email questions to 247incident@bestbuy.com.
Delta Air (opens in new tab)AprilThe airline was also affected by the [24]7.ai breach. Certain online customer payment information may have been compromised. However, the company says hackers didn't gain access to passport, government ID or SkyMiles information.Delta is providing free credit monitoring services to affected customers. Go to delta.allclearid.com (opens in new tab) to enroll.
Kmart (opens in new tab)AprilKmart.com fell victim to the [24]7.ai data breach, as well. The store's parent company Sears Holding is advising affected customers to monitor their credit card statements and request a free copy of their credit report. They aren't currently providing free credit monitoring services.Go to searsholdings.com/update (opens in new tab)
Lord & Taylor (opens in new tab)AprilMalware running on certain point-of-sale systems at possibly all Lord & Taylor locations in North America exposed customer payment information including credit and debit card numbers. A reported 5 million customers from sister companies Lord & Taylor, Saks Fifth Avenue and Saks Off 5th were affected.Lord & Taylor is offering free credit monitoring to affected customers. Call 1-855-270-9187 Monday through Saturday, 8 a.m. to 8 p.m. CT.
Marriot International (opens in new tab)NovemberThe hospitality company discovered in September that an unauthorized third-party had been accessing its Starwood network since 2014. The hacker had access to the Starwood guest reservation database, which contains names, mailing addresses, as well as phone and passport numbers. A reported 500 million guests who've stayed at a Starwood property may have been affected.Marriott has set-up a dedicated call center where concerned customers can get further information at 877-273-9481.
Panera BreadAprilPanerabread.com exposed customer records including full names, e-mail and street addresses, birthdays, the last four digits of customer credit card numbers, as well as loyalty card numbers, according to Krebsonsecurity.com (opens in new tab).The company says it has resolved the security issue.
Saks Fifth Avenue and Saks Off 5th (opens in new tab)AprilMalware running on certain point-of-sale systems at possibly all Saks Fifth Avenue and Saks Off 5th locations in North America exposed customer payment information including credit and debit card numbers. A reported 5 million customers from sister companies Saks Fifth Avenue, Saks Off 5th and Lord & Taylor were affected.Saks Fifth Avenue and Saks Off 5th are offering free credit monitoring to affected customers. Call 1-855-270-9187 Monday through Saturday, 8 a.m. to 8 p.m. CT.
Sears (opens in new tab)AprilSears.com was also hit by the [24]7.ai data breach. The store's parent company Sears Holding is advising affected customers to monitor their credit card statements and request a free copy of their credit report. They aren't currently providing free credit monitoring services.Go to searsholdings.com/update (opens in new tab).

If you suspect your personal information has been compromised through one of these retailer data breaches, don't rely solely on the store to do the right thing to help ensure you are protected, suggests Liz Weston (opens in new tab), a certified financial planner and columnist for NerdWallet.com. She advises consumers to be proactive by doing the following:

Subscribe to Kiplinger’s Personal Finance

Be a smarter, better informed investor.

Save up to 74%
https://cdn.mos.cms.futurecdn.net/flexiimages/xrd7fjmf8g1657008683.png

Sign up for Kiplinger’s Free E-Newsletters

Profit and prosper with the best of Kiplinger’s expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.

Profit and prosper with the best of Kiplinger’s expert advice - straight to your e-mail.

Sign up

1. If a breach involves your Social Security number, immediately freeze your credit reports at all three credit bureaus (Equifax, Experian and TransUnion).

2. If your credit or debit card numbers were exposed, monitor those cards. Be wary of any e-mails or texts you receive asking for personal information or warning you of "problems with your account." Also, don't click on links that are sent to you from a source you don't know. Instead, type in the URL by hand into a browser to help avoid phishing attempts.

3. If passwords are exposed, change them on the affected websites and on any other sites where you may have used the same password (something you shouldn't be doing anyway). Even if passwords weren't compromised, it's a good practice to change them regularly.

Andrea Browne Taylor
Online Editor, Kiplinger.com
Browne Taylor joined Kiplinger in 2011 and is a channel editor for Kiplinger.com covering living and family finance topics. She previously worked at the Washington Post as a Web producer in the Style section and prior to that covered the Jobs, Cars and Real Estate sections. She earned a BA in journalism from Howard University in Washington, D.C.