Nordstrom hit by network compromise
Incident
Summary
Hide ▲
Show ▼
Nordstrom suffered an email-system compromise that let unauthorized cryptocurrency scam messages reach customers from a legitimate sender address, creating a direct fraud risk. The emails used a fake St. Patrick’s Day promotion and urged recipients to send crypto within two hours. Some recipients reportedly sent payments to the fraudster’s wallet, and Nordstrom warned that the message was unauthorized. The delivery path was tied to an Okta SSO > Salesforce compromise and Salesforce Experience Cloud.
Related Happenings
Aura customer data exposed after Aura breach
Data Leak
First: 19.03.2026 00:56
Last: 19.03.2026 00:56
Sources 1
About this happening:
Aura confirmed a **data leak** that exposed nearly **900,000 customer records**, creating privacy and phishing risk for affected customers. The exposed set included **names**, **e...
Aura customer data exposed after Aura breach
Data LeakAbout this happening: Aura confirmed a **data leak** that exposed nearly **900,000 customer records**, creating privacy and phishing risk for affected customers. The exposed set included **names**, **e...
Optimizely hit by network compromise
Incident
First: 23.02.2026 20:04
Last: 23.02.2026 20:04
Sources 1
About this happening:
**Optimizely** confirmed a **voice-phishing breach** that exposed **basic business contact information**, creating a limited but real follow-on phishing risk. The intrusion touche...
Optimizely hit by network compromise
IncidentAbout this happening: **Optimizely** confirmed a **voice-phishing breach** that exposed **basic business contact information**, creating a limited but real follow-on phishing risk. The intrusion touche...
Personal Information Protection Commission (PIPC) imposed $25 million in fines and ordered Louis Vuitton to announce the penalty on penalties tied to inadequate security measures
Regulatory/Legal Action
First: 13.02.2026 20:35
Last: 13.02.2026 20:35
Sources 1
About this happening:
South Korea's **Personal Information Protection Commission (PIPC)** fined **Louis Vuitton**, **Christian Dior Couture**, and **Tiffany** **$25 million** for data-breach violations...
Personal Information Protection Commission (PIPC) imposed $25 million in fines and ordered Louis Vuitton to announce the penalty on penalties tied to inadequate security measures
Regulatory/Legal ActionAbout this happening: South Korea's **Personal Information Protection Commission (PIPC)** fined **Louis Vuitton**, **Christian Dior Couture**, and **Tiffany** **$25 million** for data-breach violations...
Custom vishing campaign stealing Okta SSO credentials
Campaign
First: 22.01.2026 23:43
Last: 22.01.2026 23:43
Sources 1
About this happening:
A **custom vishing campaign** is actively stealing **Okta SSO credentials** through live, adversary-in-the-middle phishing pages, creating immediate risk of account takeover and d...
Custom vishing campaign stealing Okta SSO credentials
CampaignAbout this happening: A **custom vishing campaign** is actively stealing **Okta SSO credentials** through live, adversary-in-the-middle phishing pages, creating immediate risk of account takeover and d...
Grubhub-branded Holiday Crypto Promotion email campaign
Campaign
First: 26.12.2025 22:22
Last: 26.12.2025 22:22
Sources 1
About this happening:
Fraudulent **Grubhub-branded** emails began circulating on **December 24** and promised a **10x Bitcoin payout**, creating an active fraud risk for **merchant partners and recipie...
Grubhub-branded Holiday Crypto Promotion email campaign
CampaignAbout this happening: Fraudulent **Grubhub-branded** emails began circulating on **December 24** and promised a **10x Bitcoin payout**, creating an active fraud risk for **merchant partners and recipie...
Timeline
-
18.03.2026 15:55 2 articles · 2mo ago
Nordstrom customers receive fraudulent cryptocurrency promotion emails
Initial DisclosureNordstrom customers received fraudulent emails from [email protected] that disguised a cryptocurrency scam as a St. Patrick’s Day promotion and claimed deposits sent within two hours would be doubled. Customers reported the messages on social media, Nordstrom warned that the message was unauthorized and said it would never ask customers to transfer funds using cryptocurrency, and the suspected delivery path involved an Okta SSO > Salesforce compromise with delivery through Salesforce Experience Cloud. Some recipients reportedly sent payments to the fraudster’s wallet address.
Show sources
- Nordstrom's email system abused to send crypto scams to customers — www.bleepingcomputer.com — 18.03.2026 15:55
- Nordstrom's email system abused to send crypto scams to customers — www.bleepingcomputer.com — 18.03.2026 15:55