Cyber Incident Victim: TOMS Shoes
Date: Oct 2019
Location: United States of America
Summary
A hacker compromised TOMS Shoes' mailing list to send subscribers a message encouraging them to disconnect from digital screens and engage with the physical world. The perpetrator, identifying as Nathan, criticized malicious hackers for exploiting personal data and urged ethical behavior, while apologizing to the company for the intrusion. The retailer acknowledged unauthorized access affecting its email and social media platforms, advising customers to avoid interacting with suspicious communications.
Description
On or around October 6, 2019, an unauthorized individual using the alias "Nathan" compromised the mailing list systems of footwear retailer TOMS Shoes. The attacker gained access to the company's email distribution channels and sent a message to subscribers with the subject line "hey you, don’t look at a digital screen all day, theres a world out there that you’re missing out on." The content advocated for reduced screen time and engagement with the physical world, stating "just felt some people need that." Nathan claimed the intrusion method was simple but did not disclose technical specifics. The message also contained ethical appeals to other hackers, condemning malicious activities like selling private information and cyberbullying while urging positive behavior toward others. There was no indication in the communication that customer data was exfiltrated or monetized.

TOMS Shoes confirmed the security incident through an official statement, acknowledging unauthorized activity affecting both email and social media communications platforms. The company advised customers not to interact with suspicious messages while initiating an internal investigation. Nathan concluded their message with an apology to TOMS, writing "Dear TOMS, sorry for hacking you guys. No hard feelings pls?" The breach's primary operational impact was the unauthorized use of communication channels to distribute non-malicious content, requiring TOMS to temporarily suspend normal mailing list operations during their response. No financial motives, data theft claims, or system destruction evidence appeared in the attacker's communications or company disclosures.
