Peruvian Connection 2025 Data Breach

Peruvian Connection 2025 Data Breach

Retail & Commerce / Apparel & Accessories E-commerce / Catalog and online luxury knitwear retailer / United States

Peruvian Connection 2025 Data Breach

US catalog and online retailer of Peruvian-inspired luxury knitwear, apparel and accessories, sourced largely from artisans in Peru.

Confirmed · ObscureIQ Intelligence
Breach Risk Index i
22/100
Lower riskHigher risk
Lower: limited current risk based on data value and recency.
Data Sensitivity i
Standard
Exposed data is largely lower-sensitivity. Standard identity-protection precautions are advised.
1.1MRecords
2025Year

The Breach Risk Index (BRI) is a proprietary 0–100 score rating how dangerous a breach is right now, based on how recently the data has been circulating on the dark web and how valuable it is to attackers.

Classification Tags
World LeaksRansomware / ExtortionRetail & CommerceE-commerceDirect Customers2025

Breach Summary

On October 24, 2025, the WorldLeaks group (a data-theft rebrand of Hunters International) listed Peruvian Connection on its leak site, claiming to have stolen company data under an extortion model. The specific contents have not been independently verified; consistent with the retailer's business, exposed data would center on customer contact and order records. This entry tracks about 1,066,338 circulating records, a figure that likely reflects data rows rather than distinct individuals and should be read with caution given the retailer's size.

Full threat analysis, exploitation vectors, and principal guidance below.

11 additional sections · verified field analysis · defensive doctrine

Querying breach corpus…
Cross-referencing exposed field types…
Resolving threat-actor attribution…
Compiling principal risk advisory…

1.1M records analyzed

About Peruvian Connection

Peruvian Connection is a US catalog and online retailer of Peruvian-inspired luxury knitwear, apparel and accessories, founded in 1976 and based in Tonganoxie, Kansas. It designs distinctive women's clothing sourced substantially from alpaca and pima-cotton artisans in Peru, selling through print catalogs, its website and a small number of stores.

Why They Hold Your Data

As a catalog and e-commerce apparel retailer, Peruvian Connection holds customer records including names, email addresses, phone numbers, mailing/billing addresses and order history collected through catalog and online purchasing.

Recent Developments

The WorldLeaks group (a rebrand of Hunters International) listed Peruvian Connection on its leak site on October 24, 2025 under a data-theft extortion model; the specific stolen data has not been independently verified. The retailer continues to operate.

Data Points Exposed

3 verified field types
Email Address
Full Name
Phone Number

Breach Impact

A breach at a catalog retailer primarily exposes customers' contact and purchasing data, inviting brand-impersonation phishing and mail-based fraud and creating notification obligations. As an unverified leak-site listing, the confirmed scope is limited pending corroboration.

Exploitation & Downstream Threats

• SIM swap attacks where phone numbers are present | • Targeted phishing campaigns using exposed email addresses

Principal Risk Advisory

What this means for a principal

A consumer-service breach: contact and account data supports phishing, account takeover and profile enrichment. For a high-profile principal the main risk is credible impersonation and enrichment of existing exposure.

What You Should Do

  1. Guard against SIM-swap and vishing: add a carrier port-out PIN and verify any 'support' calls independently.
  2. Do not use unofficial 'am I affected' lookups; several are themselves harvesting operations.

How ObscureIQ Can Help

  1. Corpus confirmation: determine whether and where the principal (plus household and staff) appear in this dataset and which specific fields are exposed for them.
  2. Exposure mapping and footprint neutralization: cross-reference against broker-available data and suppress still-removable elements, prioritizing address and phone, since this record re-seeds broker networks.
  3. ThreatWatch tuned to this incident's identifiers and misuse pattern (impersonation and targeting patterns, not generic credential monitoring).
WL
Threat Actor: World LeaksConfidence: High
Extortion-as-a-service / rebrand

Motivation: Financial extortion
A leak extortion operation described as a rebrand or successor evolution of Hunters International. Reporting describes a shift toward extortion-only operations rather than encryption-first ransomware, with affiliate infrastructure and data leak pressure.

Read the full threat-actor profile →

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation