Personal Data of 1.3 Million Shoppers Exposed by Walmart Partner -- Security Today

Personal Data of 1.3 Million Shoppers Exposed by Walmart Partner

According to cybersecurity firm Kromtech, who found it stored in a publicly accessible Amazon S3 bucket.

By Sydny Shepard
Mar 20, 2018

The personal data of over 1.3 million people across the United States and Canada were publicly exposed online by Walmart's jewelry partner, according to cybersecurity firm Kromtech, who found it stored in a publicly accessible Amazon S3 bucket.

Researchers first assumed the Amazon web server belonged to Walmart, since the storage bucket was named, "walmartsql." However, they later uncovered the databased actually belonged to a Chicago-based firm called MBM Company Inc., which primarily operates under the name Limogés Jewelry.

According to Kromtech, the database was left exposed online since Jan. 13 2018, and included names, addresses, zip codes, phone numbers, email addresses, and plaintext passwords for 1,314,193 people.

It also contained numerous records for retailers other than Walmart. Over the years, Limogés Jewelry has done business with retailers such as Amazon, Overstock, Sears, Kmart and Target, among others.

Kromtech researchers also found internal MBM mailing lists, payment details, promo codes, item orders, as well as encrypted credit card details. The records exposed dated as far back as 2000 and extended to early 2018. Researchers believe this may have been MBM Company's main customer database.

“In more than one case, the sensitive data has been exposed by a partner or third party. Organizations need to not only take steps to secure sensitive data in their possession, but also as it’s handed off to these partners," Tim Erlin, VP, product management and strategy at cybersecurity firm Tripwire said. "Protecting customer data from this type of exposure doesn’t require amazing new security tools. Ensuring that systems are secure when deployed and monitoring them for changes is part of doing the basics right. Those security basics apply as much to the cloud as the data center.”

Fortunately, shortly after the exposed data was found the publicly accessible database was "quietly" secured by Walmart. Kromtech found no evidence of ransom notes, but that doesn't mean no one accessed the data.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Securitas Technology Releases 2026 Global Technology Outlook Report
10/15/2025
HID Signs Agreement to Acquire IDmelon, Expand Passwordless Authentication Capabilities
10/15/2025
Convergint Opens New U.S. Headquarters
10/13/2025
ONVIF to End Support for Profile S, Recommends Profile T as Replacement
10/09/2025
Totem Achieves Immix Central Station Certification Status
10/09/2025
SIA Names Yazmina Rawji as 2025 SIA Progress Award Honoree
10/07/2025
SIA Announces Names Martin Gren as 2025 George R. Lippert Memorial Award Honoree
10/07/2025
LocklyPRO Strengthens Sales Leadership Team With Two Industry Veterans
10/07/2025

Featured

Report: AI is Supercharging Old-School Cybercriminal Tactics

AI isn’t just transforming how we work. It’s reshaping how cybercriminals attack, with threat actors exploiting AI to mass produce malicious code loaders, steal browser credentials and accelerate cloud attacks, according to a new report from Elastic. Read Now
- Cybersecurity
Pragmatism, Productivity, and the Push for Accountability in 2025-2026

Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now
- Access Control
- Artificial Intelligence
Report: Cyber Attackers Continue to Turn to AI-Based Tools to Avoid Detection

Comcast Business recently released its 2025 Cybersecurity Threat Report, a comprehensive analysis of 34.6 billion cybersecurity events detected between June 1,2024 and May 31, 2025. Now in its third year, the report offers business leaders a unique perspective into the evolving threat landscape and provides actionable insights to help organizations strengthen their defenses and align cybersecurity with business risk. Read Now
- Artificial Intelligence
- Cybersecurity
Axis Communications Creates AI-powered Video Surveillance Orchestra

What if cameras could not only see the world, but interpret it—and respond like orchestra musicians reading sheet music: instantly, precisely, and in perfect harmony? That’s what global network technology leader Axis Communications set to find out. Read Now
- Artificial Intelligence
Just as Expected

GSX produced a wonderful tradeshow earlier this week. Monday was surprisingly strong in the morning, and the afternoon wasn’t bad at all. That’s Monday’s results and asking attendees to travel on Sunday. Just a quick hint, no one wants to give up their weekend to travel and set up an exhibit booth. I’m just saying. Read Now
- Industry Events
- GSX

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.
Camden CM-221 Series Switches

Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.
Compact IP Video Intercom

Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.