DeBra’s is a retailer selling lingerie, swimwear, bras, and maternity wear both online and in-store, with a physical location in Penrith, NSW.
In a post on a notorious hacking forum made earlier this month, threat actor 2019 claimed to have breached DeBra’s, saying that they exfiltrated 196,800 customer records and 1.2 million order records.
According to the claim, data includes names, addresses, phone numbers, emails, loyalty program details, transaction history and information regarding orders and products.
The threat actor 2019 provided a sample in the listing to back their claim, but Cyber Daily has not yet verified the legitimacy of the incident.
Cyber Daily has reached out to DeBra’s for more information and is currently awaiting a response.
Who is 2019?
The threat actor 2019 is a relatively new player in the cyber crime space, having appeared in January 2026.
Of late, the threat actor has listed a large number of Australian victims, including MMJ Real Estate, the Melbourne International Film Festival (MIFF), the Australian Centre for the Moving Image (ACMI), and Centrelink; however, Services Australia denied the Centrelink incident.
Most recently, 2019 listed Australian top prestige make-up brand Napoleon Perdis, claiming to have stolen 339,100 customer records.
According to the post, the data includes first names, postal addresses, mobile numbers, email addresses, loyalty points, monetary value of said points, transaction history, total spending, customer price groups, customer ID details, account creation dates and latest record update timestamps.
Unlike the DeBra’s listing, the data was available for download, inviting other cyber criminals to use it for financial fraud, scams, and more.
The threat actor also targets entities in the US, Italy, France and New Zealand.
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
