What happened
According to public breach records, the Hot Topic data breach on October 19, 2024 is reported to have exposed the personal information of 56,904,909 accounts.
In October 2024, retailer Hot Topic suffered a data breach that exposed 57 million unique email addresses. The impacted data also included physical addresses, phone numbers, purchases, genders, dates of birth and partial credit data containing card type, expiry and last 4 digits.
In late October 2024, a threat actor known as Satanic advertised a Hot Topic customer database (also covering its Box Lunch and Torrid brands) on the BreachForums cybercrime market, demanding 20,000 dollars for the data or a 100,000 dollar ransom for its deletion. Have I Been Pwned and independent analysts verified the data at 56,904,909 affected accounts, with the underlying breach dated around October 19, 2024. Researchers attributed it to credentials stolen by information-stealer malware that reached a third-party data-unification cloud service tied to Hot Topic, exposing names, emails, dates of birth, phone numbers, physical addresses, purchase history, and partial credit card data.
What data was exposed
The following types of personal data were compromised:
- Dates of birth
- Email addresses
- Genders
- Names
- Partial credit card data
- Phone numbers
- Physical addresses
- Purchases
- Salutations
Breach details
| Detail | Value |
|---|---|
| Breach name | Hot Topic |
| Date | October 19, 2024 |
| Accounts affected | 56,904,909 |
| Domain | hottopic.com |
This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.
We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by Hot Topic; it reflects a publicly reported security incident.
What to do now
Based on the data exposed in this breach, here are the steps you should take:
- Treat your email and phone as exposed and be wary of messages referencing Hot Topic, Box Lunch, or Torrid orders, and never enter payment or login details from such links.
- Because partial credit card data leaked, monitor statements for unfamiliar charges and ask your issuer for a replacement card if needed.
- With your name, birth date, and address combined, watch for identity-theft scams and consider a fraud alert or credit freeze with the major bureaus.
- Enable multi-factor authentication on accounts that share the exposed email address.
Check your exposure
Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.
Sources
- HIBP notifies 57 million people of Hot Topic data breach
- Millions of Hot Topic Customers Impacted by Data Breach
Find out what data brokers know about you
Run a free scan to see which sites are exposing your personal information — name, phone, address, email, and more.
Start your free scan →