Claire's

Claire's operates as a major retailer specializing in jewelry and accessories, serving customers primarily in the United States. The company conducts business through both physical store locations and an e-commerce platform, facilitating online sales and transactions. Its operations include the main Claire's brand and the subsidiary Icing brand, each maintaining distinct online presences. The core business model involves selling fashion accessories directly to consumers via these combined retail channels.

The organization experienced a significant cybersecurity incident impacting its digital operations. In April 2020, threat actors executed a MageCart attack against Claire's e-commerce platform. Malicious code was injected into the checkout process of both the primary Claire's website and the Icing subsidiary site. This compromised script captured customer payment card details entered during online purchases and exfiltrated the stolen data to a spoofed domain controlled by the attackers. The breach affected transactions occurring over a multi-week period, though payments made within physical stores remained secure. Following discovery, Claire's removed the malicious code, implemented security enhancements, notified relevant payment networks and law enforcement agencies, and advised potentially impacted customers to monitor their financial accounts for fraudulent activity. This incident underscores the company's exposure to web-based threats targeting consumer payment data.