Hot Topic Suffers Massive Data Breach Affecting 350 Million Customer Records

by Justin Erickson

Hudson Rock, an Israeli cybersecurity firm, has reported a significant data breach involving 350 million customer records from Hot Topic and its affiliated brands, Torrid and BoxLunch. The breach, attributed to a threat actor named “Satanic,” includes personal data such as names, emails, addresses, birthdates, transaction details, and partial payment card information. The breach was allegedly caused by an infostealer malware infection on a third-party vendor employee’s device, who lacked multi-factor authentication (MFA) on a cloud account used for data analysis. The hacker has listed the 680GB dataset for sale on a forum, initially priced at $20,000, while demanding $100,000 from Hot Topic to remove the data listing. The stolen data poses risks of identity theft, financial fraud, and loyalty account takeovers for affected customers. Hudson Rock urges impacted individuals to monitor accounts closely and secure any reused credentials to reduce exposure.