Cyber Incident Victim: Yandy.com

In 2014, Yandy.com, an online retailer specializing in women's lingerie and clothing, experienced a security breach that compromised customer financial data. Between May 28 and August 18 of that year, an unidentified attacker gained unauthorized access to the company's database on four separate occasions. The breached database contained sensitive payment card information submitted by customers during the checkout process. Exposed data included credit and debit card numbers, expiration dates, CVV security codes, and associated email addresses. Company administrators detected the intrusion on August 18, though the article does not specify the detection method or initial attack vector. Following discovery, Yandy.com implemented corrective measures to address the vulnerability and restore system integrity. The Phoenix-based retailer, which had operated since 2005 and offered over 10,000 products, did not publicly disclose how many customers were affected by the breach.

Yandy.com responded to the incident by notifying affected customers through direct letters that outlined the nature of the data exposure. These communications advised recipients to monitor their financial accounts for signs of identity theft or fraudulent activity. The company acknowledged it could not determine whether the stolen information had been misused following the breach. While Yandy.com refrained from publishing exact victim counts, its substantial online presence—including thousands of social media followers across Twitter and Instagram, plus over 720,000 Facebook page likes—suggested a potentially wide impact. The breach exclusively targeted payment information processed through the website's checkout system during the nearly three-month intrusion period. No additional compromised data types or subsequent attacker activities beyond the four database accesses were reported in the available information.