Dark Web News Analysis
A threat actor, identified as the Everest ransomware group, has leaked a massive 161 GB database belonging to FULLBEAUTY Brands on a known cybercrime forum. The breach, discovered around November 14, 2025, reportedly includes “millions of personal data records” and extensive internal company files.
Brinztech Analysis:
- The Target: FULLBEAUTY Brands is a major US-based retail holding company (NYC) specializing in plus-size apparel. It operates a portfolio of well-known e-commerce sites, including Woman Within, Roaman’s, ELOQUII, Jessica London, and Swimsuits For All. A breach here compromises the data of millions of customers across multiple diverse storefronts.
- The Threat Actor: Everest is a sophisticated ransomware cartel known for its “double extortion” tactics—stealing data before encrypting systems, and then selling the data if the ransom isn’t paid. Their involvement suggests this was a targeted, high-impact intrusion, likely involving prolonged access to internal networks.
- The Data: The 161 GB volume is significant. It likely contains:
  - Customer PII: Millions of names, addresses, phone numbers, and purchase histories from the various brands.
  - Internal Corporate Data: Financial reports, employee records, vendor contracts, and potentially marketing strategies.
This incident occurs amidst a broader 2025 campaign targeting the retail and fashion sectors, following recent breaches at Kering (Gucci/Balenciaga) and Harrods.
Key Cybersecurity Insights
This alleged data breach presents a critical threat to the retail sector and consumers:
- Massive Data Compromise: The leak involves “millions of personal data” records and a substantial 161 GB of internal company data, indicating a large-scale breach with severe implications for customer privacy and operational security.
- Multi-Brand Impact: Because FULLBEAUTY operates as an umbrella for over a dozen brands, a single breach of the parent company’s central infrastructure exposes customers of all subsidiary brands, demonstrating the risk of centralized data warehouses.
- Direct Exposure on Dark Web: The presence of direct download links on a hacker forum confirms the exfiltration and public availability of the data, significantly increasing the risk of malicious exploitation by low-level fraudsters and identity thieves.
- High-Value Target for Adversaries: Retail/e-commerce companies like FULLBEAUTY Brands are attractive targets due to their extensive customer databases and sensitive internal business information, making them prone to such breaches.
Mitigation Strategies
In response to this claim, the company and its customers must take immediate action:
- Immediate Incident Response and Verification: Activate the incident response plan, urgently verify the authenticity and scope of the leaked data, secure all potentially compromised systems, and engage forensic experts.
- Proactive Customer Notification: Notify customers across all subsidiary brands (Woman Within, Roaman’s, etc.) immediately. Transparency is vital. Warn them of targeted phishing emails mimicking order confirmations or return requests.
- Enhanced Data Encryption and Access Controls: Implement stringent encryption for all sensitive data at rest and in transit, coupled with robust access control mechanisms (e.g., multi-factor authentication, Zero Trust principles) across all internal systems.
- Employee Security Awareness Training: Conduct mandatory and regular security awareness training for all employees, focusing on phishing, social engineering tactics, data handling policies, and the importance of strong, unique passwords to prevent internal compromise vectors.
Brinztech does not warrant the validity of external claims.