Exposed data includes payment card and driver’s license numbers

US clothing brand Next Level Apparel reports phishing-related data breach

Next Level Apparel, a US clothing manufacturer and e-commerce operator, has alerted customers to a data breach connected to the compromise of employee mailboxes.

“A limited number of employees’ email accounts” were compromised via phishing, which gave cybercriminals “access to the contents of the accounts at various times between February 17, 2021 and April 28, 2021,” said Next Level Apparel in a press release issued yesterday (October 5).

Read more of the latest email security news and analysis

This “resulted in unauthorized access to information contained in some email accounts, including names accompanied by Social Security numbers, financial/checking account numbers, payment card numbers, driver’s license numbers, and limited medical/health information”.

Next Level Apparel, a wholesale producer and online retailer of blank apparel, said it “could not confirm that any individual's information was in fact viewed by an unauthorized person”.

Notifying customers

The Los Angeles-based company said it has started mailing letters to victims for whom they had address information. It has also set up a dedicated call center that is fielding queries from anyone concerned about the incident.

A breach alert posted to its website on Monday offers potentially affected customers advice on how to protect themselves against fraud or identity theft.

“To help prevent something like this from happening in the future, NLA is instituting additional security measures,” said Next Level Apparel.

“To further protect personal information, we are taking steps to enhance our existing email security protocols and re-educating our staff for awareness on these types of incidents.”

The Daily Swig has asked Next Level Apparel how many customers might be affected by the data breach. We will update this article if and when we hear back.

YOU MIGHT ALSO LIKE Cryptocurrency funds removed from 6,000 Coinbase accounts due to flaw in SMS authentication