ShopCourts, Pricesmart online data breached

Above: The page on Leakbase.io reporting on the ShopCourts breach and data sale.

Jamaican cybersecurity researcher Gavin Dennis reported on his LinkedIn page that ShopCourts, the online shopping portal for Courts Caribbean had been hacked and data for up to 200,000 orders had been exfiltrated.

According to Dennis, a sample of customer records from 2013 to 2023 has been posted as a proof of hack and an independent review of a sample reveals records from multiple Caribbean countries, including Trinidad and Tobago. Also affected in the breach are customers in Jamaica, Belize, St Lucia and Barbados.

Customer names, addresses, emails and other personally identifiable information are visible in the reporting page posted to the hack reporting website leakbase.io. The data is being offered for sale after being published on August 29, 2023.

Gavin Dennis reported that the following information is visible in the exfiltrated ShopCourts data…

👉 Customer Name
👉 Address
👉 Phone number
👉 Account Password (hashed)
👉 Order details:
👉 Purchase Location
👉 Purchase Date
👉 Bill-to Name
👉 Ship-to Name
👉 Grand Total (Base)
👉 Grand Total (Purchased)
👉 Status
👉 Billing Address
👉 Shipping Address
👉 Shipping Information
👉 Shipping and Handling
👉 Customer Name
👉 Payment Method
👉 Pickup Location Code
👉 USD Grand Total

*ALPHV’s notification of data exfiltration on the dark web.*

The X (Twitter) feed for FalconFeeds.io, a cybersecurity firm which tracks breaches there noted today that “ALPHV #ransomware group has added PriceSmart to their victim list.”

The hackers claim to have exfiltrated 500GB of customer and employee data from the company. ALPHV, also known as Black Cat, is a recently formed ransomware group which has breached more than 60 organisations in the last month.

Users of the online shopping portals of these companies are encouraged to change their passwords immediately.

This is a developing story and will be updated as more information comes to hand.