Learning from Portland-based ‘Hanna Andersson’ Data Breach

by Danielle Kane | Feb 5, 2020 2:02:19 PM

The latest in
retail data breaches hit close to home this month with Portland-based retailer
Hanna Andersson announcing at the end of January they had been hacked. The
breach happened in fall of 2019, between September 16 and November 11, but the
retailer has yet to say how exactly the scam was executed.

The news,
though unfortunate, is not a major shock. Better Business Bureau Northwest +
Pacific has seen a steady uptick of data breaches over the last several years
with major names such as Equifax, Uber and Target among recent victims making

In the case
of Hanna Andersson, a somewhat luxury children’s clothing retailer with stores
around the country, the breach compromised customers’ credit card information
including credit card numbers, expiration dates, security codes, billing and
shipping addresses. In short – scammers got full access to customer account
information and everything they’d need to commit identity fraud. The hack
mainly impacted customers who made purchases on the website during that
September to November timeframe.

Not many
other details have been released by Hanna Anderson executives yet, though they
assured consumers they are working with federal authorities to investigate the
breach and improve their cybersecurity.

Still, the
incident underlines – again – the importance of businesses beefing up their
security features in today’s climate of constant cyber-threats and attacks.

For customers
who may have been impacted by this breach, BBB NW+P offers these tips: 

  • Confirm
    whether your card was involved. At this point, the company that was breached
    should let you know if your card was compromised. Or you should have heard from
    the card-issuer itself.
  • Consider
    putting a credit freeze or fraud alert on your credit reports with the three
    major credit reporting agencies. This would prevent scammers from accessing
    your credit report or personally identifiable information.
  • Monitor
    your credit card statements carefully for at least three months to keep an eye
    out for fraudulent charges. Or consider canceling that card completely and
    getting a new one.
  • If
    you do see a fraudulent charge, report it right away to your bank. Typically,
    if a cardholder reports unauthorized charges within 60 days, federal consumer
    protection laws require the merchant or bank to reimburse the customer.

 For businesses, the lesson couldn’t be
clearer: protecting customer information is paramount. A data breach means a
business has broken faith with its customers and, once lost, trust is difficult
to rebuild. So make sure your systems and customer information are secure,
check and update safeguards regularly and, if you do experience a data breach,
quick and comprehensive information to your customer base allows them to take
appropriate action swiftly. For more information on cyber security visit

Subscribe Now

Posts by Topic

see all

Additional Reading