Hot Topic shoppers' personal information accessed in 2023 data breach, company announces

Hot Topic shoppers may have had some of their personal information accessed by hackers after the clothing company announced a breach.

The company identified "suspicious login activity to certain Hot Topic Rewards accounts," according to an email sent out to customers. Hot Topic's investigation into the hack found that "unauthorized parties launched automated attacks" against the company's site and mobile application in 2023 on Nov. 18-19 and Nov. 25, the email said.

The hackers obtained valid account credentials, including email addresses and passwords, from an "unknown third party source" to log into shoppers' accounts, Hot Topic's email said.

"Hot Topic was not the source of the account credentials used in these attacks," according to the California-headquartered company's email.

What information did hackers access from Hot Topic shoppers?

Shoppers whose accounts were logged into by hackers during the breach may have had their name, email address, order history, phone number, month and day of their birth and mailing address accessed, Hot Topic said.

If a customer had their payment card saved to their Hot Topic Rewards account, the hacker could only view the last four digits of the card number on file, according to the company.

Hot Topic has not been able to determine which accounts were accessed by hackers as opposed to actual customers who logged in during the breach, the company's email said.

What is Hot Topic doing to prevent further breaches?

Hot Topic said it is "working with outside cybersecurity experts" and has already implemented steps to safeguard the company's site and mobile application from "automated credential stuff attacks," including bot protection software.

"Hot Topic takes this event very seriously," the company's email said. "After detecting suspicious activity, we promptly began an investigation and took action to address the activity."

The company also told shoppers whose information was accessed to set a new account password, which "will ensure that any third parties who may have your access credentials can no longer use them on our website or mobile app."

"If you have not done so already, please reset your Hot Topic Rewards account password as soon as possible," the company's email said. "... We encourage you to remain vigilant against potential identity theft and fraud by carefully reviewing credit reports and account statements to ensure that all activity is valid."