Spreadshirt informed its customers that they have become the target of an organized cyberattack. Unknown perpetrators managed to gain access to their servers and stole the data stored there with the possibility of publishing it later. The company said customer data has been compromised in this process, including payment information.
Spreadshirt was founded in 2002 in Leipzig, Germany. Today it also operates Spreadshop and TeamShirts online platforms and is one of the world’s leading e-commerce platforms for on-demand printing on clothes and accessories.
Spreadshop first alerted its users about the attack via its website on July 8th 2021.
In a response to Privacy Sharks, Spreadshirt said:
“Data affected includes address and contractual data belonging to customers, partners, employees, and external suppliers. Also affected are the payment details of a small number of customers who made payments to Spreadshirt, Spreadshop, or TeamShirts via bank transfer or who have received a refund via bank transfer.”
According to the latest information from external investigators, the hacked servers did not contain the bank details of any other groups of customers.
However, details like addresses and passwords saved before 2014 have leaked. If you have an account with Spreadshirt, we recommend that you change your password as a precaution.
In an email update today, the company assured ts customers it is doing everything to mitigate the incident:
“We are very sorry that your personal data has been affected by this cyber attack. We are working closely with external cybersecurity experts to ensure that this incident does not happen again. Investigating authorities have already been called. Data security is our top priority.”
No other details of the security measures being made were told by its press team.
“For investigative reasons, we cannot give further details on what new security measures will be implemented to prevent attacks like this from happening in the future,” the company commented.
Spreadshirt has created a support page, on which the company promises to post updates as soon as there is new information.