The Children's Place Retail Stores Inc. said Tuesday that its customer email address database was recently accessed by an unauthorized third party. The database is stored at an external email service provider, according to company officials. The external service provider confirmed that only email addresses were accessed and no other personal information was obtained.
The New Jersey-based children's specialty apparel retailer, which operates 995 stores around the country, said the hacker sent out an unauthorized email that attempts to phish sensitive information from customers. According to a breach notification letter sent out by the company, the email appears to have come from Adobe and directs customers to a website where they are asked to enter their credit card number in order to update software.
Also see: 5 tips to avoid getting phished
"This email did not come from The Children's Place and does not resemble the emails you normally receive from us," Children's Place officials said in the notification. "We are continuing to investigate this incident and apologize for any inconvenience."
The notice comes just weeks after email service provider Epsilon Interactive told clients they had experienced a major security breach, prompting many U.S. corporations to warn their customers to be aware of potential spear phishing attacks. According to a post from the Coalition Against Unsolicited Commercial Email, Experian-owned email marketing service Cheetahmail is the breached company that services The Children's Place.
Customers with questions can the company at 1-877-752-2387.