StockX

In May 2019, StockX, a prominent online marketplace for sneakers and streetwear, experienced a data breach that compromised approximately 6.8 million user accounts. The exposed information included customer names, email addresses, usernames, hashed passwords, physical addresses, and purchase histories. The breach was initially concealed under the guise of a "system update," during which users were prompted to reset their passwords. However, it was later revealed that this action was in response to the security incident. Upon discovering the breach, StockX initiated a comprehensive forensic investigation, engaged third-party data incident and forensic experts, and implemented infrastructure changes to mitigate potential effects. The company also contacted law enforcement and notified customers about the incident. In response to the breach, StockX offered affected customers 12 months of free fraud detection and identity theft protection through ID Experts®. The breach led to legal actions, including a class-action lawsuit in Canada, which resulted in a settlement providing affected users with credit monitoring services and reimbursement for substantiated losses.

Data Included in the Breach