Cyber Incident Victim: Destination Maternity

The Destination Maternity data breach unfolded between March 16 and April 13, 2021, when an unauthorized party infiltrated systems containing employee information at the New Jersey-based company. The intrusion remained undetected until June 11, 2021, when internal discovery processes identified the compromise. On August 13, 2021, the organization began notifying 93,776 current and former employees whose personal data was potentially exposed during the nearly month-long incident. The company formally documented the breach in a notification letter submitted to the Maine Attorney General's Office, confirming the unauthorized access to sensitive personnel records.

Compromised data included names, addresses, and Social Security numbers belonging to the retailer's workforce. Bank account information was also considered potentially exposed, but only for employees who had previously provided those details to Destination Maternity. In response to the breach, the company implemented a remediation plan offering affected individuals complimentary credit monitoring and identity theft restoration services. The incident exclusively impacted employee data, with no mention of customer information being accessed or compromised during the attack. No operational disruptions or system downtime were reported in connection with the cybersecurity event. The notification process commenced approximately two months after breach discovery, with no public disclosure of forensic findings regarding the intrusion methodology or perpetrator identity.