Cyber Incident Victim: Dorben Group
Date:
Feb 2023
Location:
Brazil
Summary
A luxury retail partner in Latin America suffered a data breach exposing personal information of approximately 790,000 customers, including full names, email addresses, phone numbers, and home addresses. The dataset appeared on a hacker forum, supposedly originating from internal systems and reportedly dated several months prior to its listing. The attacker, an unknown low-reputation forum member, previously leaked multiple other datasets. The affected entity operates numerous stores across multiple countries and represents over 20 high-end brands. While no financial data was confirmed in this incident, the exposure poses identity theft risks to impacted individuals. The company did not respond to initial inquiries about the breach.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 7, 2023, an unidentified threat actor listed a database containing approximately 790,000 customer records allegedly stolen from Dorben Group, a major Latin American retail partner for luxury brands including Valentino, Creed, Michael Kors, Carolina Herrera, and H&M. The dataset appeared on a cybercriminal forum with claims it originated from a September 2022 breach, though Cybernews investigators could not independently verify its authenticity at the time of reporting. The exposed information consisted of customers' full names, email addresses, telephone numbers, and residential addresses. The actor responsible for the listing had registered on the forum in August 2022 and lacked any reputation scores from community members, though they previously posted dozens of other datasets from global organizations. Dorben Group, which operates 70 retail stores across 10 countries with 500 employees and offices in the US, Brazil, Colombia, and the Dominican Republic, did not respond to media inquiries regarding the potential breach.
The incident represents one of multiple retail-sector breaches in early 2023, with the same forum hosting leaks from US Cellular affecting 52,000 subscribers and Weee! grocery platform impacting 11 million customers shortly before the Dorben listing. Unlike Weee!, which confirmed its breach but denied financial data exposure, and US Cellular, which validated unauthorized access to customer service details, Dorben Group made no public statement about the purported compromise. Cybersecurity researchers emphasized the severity of potential identity theft and financial fraud risks posed by the exposure of personal identifiers, advising impacted individuals to monitor their financial accounts. The dataset's appearance followed patterns observed in recent retail breaches, including a January 2023 Puma data leak that similarly contained customer purchase histories alongside contact information, though Puma's investigation remained pending at the time of reporting. No evidence emerged regarding actual misuse of Dorben customer data, but the incident underscored persistent targeting of brand-affiliated distributors despite lacking confirmation of intrusion methods or internal detection timelines.