Cyber Incident Victim: Tennis Warehouse
Date: Oct 2021
Location: United States of America
Summary
A cyberattack on four affiliated sports gear e-commerce sites compromised personal and payment information for approximately 1.8 million customers, including names, financial account details, credit/debit card numbers with CVV codes, and website passwords. The company detected the incident shortly after it occurred, confirmed the scope following an investigation, and notified affected individuals while enhancing security measures in collaboration with digital forensics experts; however, identity protection services were not provided despite the sensitivity of the stolen data.
Description
The Tennis Warehouse cyber incident occurred on or around October 1, 2021, as part of a broader attack affecting four affiliated online sports retailers: Tackle Warehouse, Running Warehouse, Tennis Warehouse, and Skate Warehouse. Threat actors stole sensitive payment and personal data belonging to 1,813,224 customers across these platforms. Compromised information included full names, financial account numbers, credit/debit card numbers with CVV codes, and website account passwords. The retailers first detected anomalous activity on October 15, 2021, triggering an investigation that concluded on November 29 and confirmed the scope of the data theft. No technical details regarding the intrusion method were disclosed in customer notifications, though the incident was classified as an "external system breach (hacking)" without evidence of card skimming infrastructure.

The affected organizations began their response upon discovering the breach, engaging digital forensics experts and law enforcement agencies. They reported the incident to payment card networks to facilitate fraud monitoring on compromised accounts but did not offer identity protection services to impacted individuals. Customer notifications commenced on December 16, 2021 (76 days after initial detection), advising vigilance against financial fraud while omitting specifics about attack vectors or system vulnerabilities addressed during remediation. Because the stolen dataset included full CVV codes and passwords, victims faced significantly elevated risks of payment card fraud and credential-stuffing attacks. Website security was enhanced with the help of the forensics experts, though the public disclosure contained no technical particulars regarding containment measures or infrastructure changes.
