Retail & Commerce / Apparel & Accessories E-commerce / Catalog and online luxury knitwear retailer / United States
US catalog and online retailer of Peruvian-inspired luxury knitwear, apparel and accessories, sourced largely from artisans in Peru.
The Breach Risk Index (BRI) is a proprietary 0–100 score rating how dangerous a breach is right now, based on how recently the data has been circulating on the dark web and how valuable it is to attackers.
On October 24, 2025, the WorldLeaks group (a data-theft rebrand of Hunters International) listed Peruvian Connection on its leak site, claiming to have stolen company data under an extortion model. The specific contents have not been independently verified; consistent with the retailer's business, exposed data would center on customer contact and order records. This entry tracks about 1,066,338 circulating records, a figure that likely reflects data rows rather than distinct individuals and should be read with caution given the retailer's size.
Full threat analysis, exploitation vectors, and principal guidance below.
11 additional sections · verified field analysis · defensive doctrine
1.1M records analyzed
Peruvian Connection is a US catalog and online retailer of Peruvian-inspired luxury knitwear, apparel and accessories, founded in 1976 and based in Tonganoxie, Kansas. It designs distinctive women's clothing sourced substantially from alpaca and pima-cotton artisans in Peru, selling through print catalogs, its website and a small number of stores.
As a catalog and e-commerce apparel retailer, Peruvian Connection holds customer records including names, email addresses, phone numbers, mailing/billing addresses and order history collected through catalog and online purchasing.
The WorldLeaks group (a rebrand of Hunters International) listed Peruvian Connection on its leak site on October 24, 2025 under a data-theft extortion model; the specific stolen data has not been independently verified. The retailer continues to operate.
A breach at a catalog retailer primarily exposes customers' contact and purchasing data, inviting brand-impersonation phishing and mail-based fraud and creating notification obligations. As an unverified leak-site listing, the confirmed scope is limited pending corroboration.
• SIM swap attacks where phone numbers are present | • Targeted phishing campaigns using exposed email addresses
A consumer-service breach: contact and account data supports phishing, account takeover and profile enrichment. For a high-profile principal the main risk is credible impersonation and enrichment of existing exposure.
Motivation: Financial extortion
A leak extortion operation described as a rebrand or successor evolution of Hunters International. Reporting describes a shift toward extortion-only operations rather than encryption-first ransomware, with affiliate infrastructure and data leak pressure.
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation