This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Princess Polly

Summary

Princess Polly, a popular Australian online fashion retailer, suffered a data breach in May 2019 when attackers installed payment card skimming malware on its website. The malicious code captured customers' credit card information as it was entered during the checkout process. The breach targeted one of Australia's fastest-growing fashion e-commerce platforms, affecting customers making online purchases during the compromise period.

What Happened

Hacking. Cybercriminals gained unauthorised access to Princess Polly's e-commerce website and installed web skimming malware (a "Magecart"-style attack) that intercepted payment card details in real time as customers entered them. The malicious code operated silently in the background, capturing card numbers, expiry dates, CVV security codes, and potentially cardholder names as transactions were processed. Princess Polly discovered the breach during a security audit and immediately launched an investigation to determine the scope of the compromise and remove the malicious code.

Impact on Individuals

  • Payment Card Theft: Credit and debit card details stolen at point of entry on website
  • Fraudulent Charges: Risk of unauthorised purchases made with stolen card information
  • Card Cancellation: Banks proactively cancelled potentially compromised cards
  • Purchase Interruptions: Customers faced declined transactions while waiting for replacement cards
  • Account Monitoring: Need for ongoing vigilance in monitoring bank statements for suspicious activity

Young Australian shoppers, Princess Polly's core demographic, were particularly affected as the breach targeted a popular fashion destination for online purchases.

Response

Princess Polly immediately removed the malicious code from its website and engaged external cybersecurity experts to conduct a thorough forensic investigation. The company notified affected customers via email and published a statement on its website explaining the incident and the steps being taken to address it. Princess Polly worked with payment processors and banks to identify potentially compromised cards and support the reissue process. The retailer implemented enhanced security measures for its e-commerce platform, including improved monitoring systems and additional layers of protection for payment processing. Princess Polly recommended that affected customers monitor their bank statements closely and report any suspicious transactions to their financial institutions immediately.

Verification Source: View original statement