Fashion Group Mexico, the company behind brands such as GOC Makeup, Pink Up, and G&K MakeUP, suffered a massive data breach that exposed the information of more than 132,000 Mexican women who had ever purchased cosmetics or accessories from its stores.
The leaked data includes partial banking, personal, and even tax information, posing a real risk of fraud, extortion, or identity theft. All of this is happening in a context where many women share their data with these stores to accumulate points, shop online, or request invoices, trusting that their information is secure.
Leak of personal and banking data appears on cybercriminal forum
The stolen information was published on a dark web forum where data leaked by hackers often circulates. Everything points to the files coming directly from the systems of Fashion Group, a company that manufactures and operates brands such as GOC Makeup, Pink Up, and G&K MakeUP.
Based on the names of the files and the way they are organized, everything indicates that the leak is real and particularly affects customers of GOC Makeup and G&K MakeUP. It is estimated that more than 132,000 people in Mexico have been affected by this security breach.
What exactly was leaked?
After reviewing the files leaked by Publimetro Mexico, it was confirmed that the hack exposed internal databases belonging to Fashion Group Mexico and its brands, including tables containing customer information (cliente.sql, BONOS_CLIENTES.sql) and records related to purchases, vouchers, and billing.
In short, this was a massive leak that exposed much more than just emails or names. We are talking about personal, tax, and even banking data. Some of the files include information such as:
- Full names and surnames
- Personal or cell phone numbers
- Email addresses
- Full addresses (street, neighborhood, zip code, city, and state)
- RFC and, in several cases, also CURP
- Dates of birth
- Partial bank accounts or CLABE numbers
- Company names and tax information registered with the SAT
- Branch where the person made purchases
- Loyalty voucher amounts and balances
- Complete purchase history, including dates
- Date of registration and last profile update
- Users or emails linked to loyalty programs
- Active electronic vouchers with their respective codes
- Billing, consumption, and transaction records
- Credit limits assigned to some customers
- Discounts applied and loyalty level
- Synchronization status with internal systems
- Voucher usage dates, voucher folios, and unique codes
- Customer ID
- Internal notes on each customer
- In some cases, linked bank statements
- Details of payments made at branches
- Purchasing preferences and usual store
- And, surprisingly, even emergency contacts and data related to returns or exchanges
As you can see, this is not just a list of emails or names. It is a database with enough information to commit fraud, identity theft, and even access services or products on behalf of those affected.
The leak was also shared on several Telegram channels (Source: Publimetro)
Read more: Top 10 Telegram Groups and Channels on the Dark Web
What are the real risks for those affected?
This hack is not just a technical or distant issue: it can directly affect the daily lives of thousands of women, even without them realizing it at first.
With the leaked information, criminals have enough to steal identities, open bank accounts, or contract services in the victims' names. This can result in debts they never incurred, unknown charges, or even problems with the IRS for transactions they did not make.
There is also a serious risk of tax fraud. With the RFC and CURP, cybercriminals can generate fake invoices, create shell companies, or use them as part of money laundering schemes, all without the victims' knowledge.
And when it comes to phishing, the danger increases even more. With real data in hand, scammers can send personalized messages. They use your name, address, or purchase history to make them appear legitimate, increasing the chances that people will trust them and fall for the scam.
In addition, with full names, phone numbers, and addresses exposed, there is the possibility of extortion or harassment. It is not uncommon for some people to start receiving threatening calls or messages, which creates a great sense of insecurity.
And if that weren't enough, the leakage of banking data such as CLABE accounts also opens the door to more sophisticated fraud, such as social engineering, where criminals simulate deposits, fake refunds, or create convincing stories to get people to voluntarily transfer money.