Hot Topic, the popular retailer known for its pop-culture merchandise and fashion items, is embroiled in a fresh data breach controversy. A cybercriminal group, identified as ‘Satanic,’ is reportedly demanding a ransom of $100,000 to delete a stolen dataset that contains the personal information of more than 350 million users. This data was allegedly leaked on breach forums, fueling concerns about the companyās cybersecurity practices.
Hot Topic, which also owns brands like Box Lunch and Torrid, operates over 650 stores across the U.S. and Canada. The company was first alerted to the breach when several senior employees received notifications on social media about the sale of the stolen data. The exposed records, which are being sold for $20,000, include sensitive information such as email addresses, full names, dates of birth, phone numbers, physical addresses, purchase history, and even financial data, including credit card details.
Further investigations revealed that the breach occurred after the attackers gained access to Hot Topic employee credentials. This led to the theft of the company’s data in September 2024, which was subsequently sold on dark web forums in October. The data was initially offered for as low as $4,000 for a single dataset containing approximately 750MB of stolen information.
A data analytics firm, Atlas Privacy, later confirmed the breach, revealing that a massive 750GB of data had been stolen. This includes roughly 25 million encrypted credit card numbers, many of which were secured using a weak cipher that could be easily cracked with readily available software. The breach is believed to have taken place in mid-October 2024, and the stolen data may include records dating back to as early as 2011.
In response to the breach, Hot Topic has activated its incident response plan and is working to minimize the potential damage. The company has also launched a dedicated website, databreach dot com, where affected users can check if their information has been compromised by entering their email address or phone number.
As is common with data breaches of this scale, the stolen data is expected to lead to an increase in phishing attempts and identity theft. Affected individuals are strongly advised to monitor their bank accounts and credit activity for any signs of unauthorized transactions or fraud.
Hot Topic has not yet made an official statement regarding the full extent of the breach, but the company is likely facing intense scrutiny over its cybersecurity measures and response to the incident.