Express website flaw exposed customer data in search engine results
Express remediated a website vulnerability that exposed sensitive customer information by allowing it to appear in search engine results. Reporting indicated that at least a dozen customers were affected after publicly accessible pages were indexed, making personal and transactional data discoverable online.
The exposed information included names, email addresses, postal, billing, and delivery addresses, order details, phone numbers, and partial payment card information. While the reported scope appeared limited to a small number of customers, the incident involved multiple categories of personally identifiable and purchase-related data at the major U.S. clothing retailer.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
Express remediates website flaw exposing customer data in search results
Express fixed a website vulnerability that allowed sensitive customer information to be indexed by search engines and appear publicly in search results. Reported exposed data included names, email addresses, postal, billing, and delivery addresses, order details, partial payment card information, and phone numbers, affecting at least a dozen customers.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
ROMWE Discloses Data Security Incident Affecting Shoppers
Fast-fashion retailer **ROMWE** notified customers of a data security incident involving shopper information, according to a company disclosure carried by Yahoo Finance. The notice indicates the company informed affected users directly and publicly acknowledged that customer data was exposed in the breach, prompting a formal incident response and outreach effort. The available reporting provides limited technical detail, but the incident appears to involve unauthorized access to consumer data held by the retailer. For CISOs, the event underscores persistent third-party e-commerce and customer-data exposure risks, particularly where online retail platforms store personal information that can be leveraged for fraud, account abuse, or follow-on phishing against affected shoppers.
May 25, 2026
Cloudflare Cloudbleed Bug Exposed Passwords and Sensitive Web Session Data
A major bug in Cloudflare's edge infrastructure, widely dubbed **Cloudbleed**, caused fragments of sensitive data from customer websites to leak into web pages and search engine caches. Reports said the flaw exposed items including passwords, authentication tokens, private messages, cookies, and other in-memory data belonging to users of sites that relied on Cloudflare services, raising the risk of account compromise and unauthorized access. Cloudflare said the issue stemmed from a parser bug tied to features such as email obfuscation, server-side excludes, and automatic HTTPS rewrites, and moved to disable affected components and work with search engines to purge cached leaked data. Security coverage urged users to change passwords and rotate credentials, while affected organizations were pressed to invalidate sessions, review logs, and assess whether exposed tokens or session identifiers could have been abused.
May 25, 2026
Equifax Breach Exposed Data on Nearly 148 Million People After Unpatched Apache Struts Flaw
Equifax disclosed that attackers exploited an unpatched **Apache Struts** vulnerability, `CVE-2017-5638`, in a public-facing dispute portal and stole highly sensitive consumer data including names, Social Security numbers, birth dates, addresses, and in some cases driver's license numbers and credit card data. Subsequent forensic reviews expanded the scope from the initial 143 million victims to roughly **145.5 million Americans**, with later reporting putting the total at **147.7 million**, while also identifying about **200,000 payment cards**, **10.9 million driver's licenses**, and smaller numbers of affected consumers in Canada and the UK. Government and media reporting said the attackers moved beyond the initial servers, accessed dozens of databases, and remained inside Equifax's network for weeks before discovery. The breach drew intense scrutiny because the Struts flaw had been publicly disclosed and patched months earlier, yet Equifax failed to remediate it despite internal and external warnings about weak security. Reports described broader security shortcomings, including poor patching, outdated systems, weak logging, and a researcher warning that sensitive data was exposed on a public-facing site before the intrusion. Equifax's response also faced criticism after it delayed public disclosure, launched an unreliable breach-check website, and came under congressional examination over governance and accountability, while lawmakers and investigators pressed the company over how a preventable vulnerability led to one of the most damaging exposures of personal information in the United States.
May 26, 2026