TC verified the claims by contacting people from a sample of 1,000 records using information only they would know.
We’ve asked the company for comment.
While the intruders don’t appear to have taken particularly sensitive info, like payment cards, it’s still a significant breach — especially when the seller intends to make the data available through the dark web. It also raises questions as to why StockX alerted users to password resets without explaining what had happened or the extent to which users’ data was at risk. Simply put, victims didn’t know how large the problem really was.