Children’s apparel company Hanna Andersson discloses data breach

The incident shows that financial data anywhere on the web is a potential target for criminals.

Hanna Andersson, a children’s clothing company with stores across the country, has told customers that their card payment data may have been compromised in a security breach last year.

For nearly two months from mid-September to mid-November, an “unauthorized third party” had access to card payment information that certain customers entered as they were checking out at Hanna Andersson’s website, Mike Edwards, the company’s CEO, said in a Jan. 15 letter to customers viewed by CyberScoop.

The exposed data included payment card numbers, expiration dates, and CVV codes, along with customers’ names, billing addresses, and shipping addresses. Law enforcement officials recently told executives at Portland, Oregon-based Hanna Andersson that there was evidence of a breach, Edwards said.

It is unclear how many customers were affected by the incident. While it doesn’t appear that every customer who visited the website during the two-month period was victimized, Edwards said, the company is notifying anyone potentially affected. It is also offering customers a year of credit monitoring and a $1 million “insurance reimbursement policy.”


A Hanna Andersson spokesperson told CyberScoop the company does not know who was responsible for the breach or how many customers might be affected. Hanna Andersson has hired cybersecurity companies Coalfire and Carbon Black, along with consulting firm Charles River Associates and a team from Salesforce, to investigate the breach, the spokesperson said. The company is working with the Department of Homeland Security and FBI on the investigation.

Hanna Andersson is known for selling pajamas, some of which are themed around popular Disney movies. The breach shows that, regardless of the end product being sold, anywhere on the web that houses financial data is a potential target for criminals.

Financially motivated hacking is thriving as criminals have successfully targeted web portals where victims enter payment data. One of the more effective ways of stealing card-payment data is through a code-skimming technique popularized by a collection of roughly a dozen criminal groups known as Magecart. A recent study found that Magecart-style code had been planted on more than 2 million websites.

Hanna Andersson’s letter to customers did not identify any suspects who may be behind the breach.

UPDATE, 01/22/20, 7:48 a.m. EDT: This story has been updated with a statement from a Hanna Andersson spokesperson.

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.
