The Brazilian operation of international fashion retail clothing chain C&A has confirmed a cyberattack to its gift card platform.
Data from customers who purchased gift cards was leaked such as ID numbers and email addresses, in addition to information including the amount loaded into the cards, order number and data of purchase.
A hacker named @joshua from group Fatal Error Crew has published data from C&A customers who purchased gift cards online on the website Pastebin, which is effectively a remote server for cybercriminal activity.
According to local technology news website Tecmundo, data of about 36,000 customers has been exposed in the attack, which is understood to have happened in retaliation to use of jobseeker data by the retail firm to create gift cards and meet its card creation targets.
While it didn't confirm the scale of the data leak, C&A said in a statement that it detected a "cyberattack movement" in its gift card and exchange system last Thursday and that it immediately actioned its contingency plan, as well as legal proceedings to treat the issue.
The retailer added that it does not use personal data for any unauthorized purposes: "we reiterate our commitment to ethics and respect to the laws and that we work to offer the best possible experience to our customers, and that includes the online environment."