HauteLook, a flash sale fashion retailer operating under Nordstrom, suffered a data breach in mid-2018 that exposed records for approximately 28.5 million customer accounts. The breach was part of a wave of attacks targeting multiple e-commerce platforms around the same period. The stolen data was subsequently sold on dark web marketplaces in early 2019. The exposed information included email addresses, names, genders, dates of birth, geographic locations, and passwords. The passwords were stored as bcrypt hashes, a form of encryption that slows down cracking attempts but does not make them impossible. The combination of birthdate, location, and login credentials creates meaningful risk for affected customers, enabling phishing attacks, account takeover attempts, and impersonation scams. HauteLook's flash sale format, which creates urgency around time-limited offers, makes fake order or account alerts easier to make convincing. Nordstrom, as HauteLook's parent company, handled customer notifications and initiated password resets following disclosure of the breach. No prominent regulatory action or legal settlement specific to this incident has been publicly documented. Affected individuals should treat any email claiming to be from HauteLook or Nordstrom Rack with caution, particularly messages requesting login or payment details, and should update passwords on any other accounts where the same credentials were reused.

Flash-sale marketplaces collect customer identity, addresses, order history, payment-adjacent records, account activity, and brand-preference data tied to limited-time retail offers.

HauteLook has continued operating within the Nordstrom portfolio. Nordstrom has been investing in its Rack and off-price channels as growth areas while managing its full-price store footprint. No major standalone HauteLook developments beyond the Nordstrom parent context have been prominently reported.