Cyber Incident Victim: Running Warehouse

On October 1, 2021, threat actors breached four affiliated online sports retail websites—Tackle Warehouse, Running Warehouse, Tennis Warehouse, and Skate Warehouse—compromising sensitive payment and personal data belonging to 1,813,224 customers. The attackers exfiltrated full names, financial account numbers, credit card numbers with CVV codes, debit card numbers with CVV codes, and website account passwords during the intrusion. The websites collectively discovered unauthorized access to their systems on October 15, 2021, triggering an immediate investigation with external digital forensics experts. By November 29, 2021, forensic analysis confirmed the scope of data theft and identified affected customers across all four domains. The compromised entities delayed public disclosure until completing their investigation, formally notifying impacted individuals via mailed letters on December 16, 2021.

The websites reported the incident to payment card networks to flag compromised accounts for fraud monitoring and notified federal law enforcement agencies. Tackle Warehouse’s notification letter confirmed collaboration with digital forensics specialists to implement enhanced security measures across all affiliated platforms, though technical specifics of these improvements were not publicly disclosed. No evidence suggested prolonged unauthorized access beyond the October 1 breach date. Affected customers received no complimentary identity protection services despite the high-risk exposure of CVV codes and financial credentials. The websites characterized the incident as an "external system breach (hacking)" but did not disclose attack vectors, intrusion methods, or whether multiple systems or a centralized database was compromised. Operational disruptions appeared minimal, with all sites maintaining transaction capabilities throughout the investigation period.