Data Breach Notifications

Entity Information

  • Type of Organization: Other Commercial
  • Entity Name: Bath & Body Works Direct, Inc.
  • Street Address: 5 Limited Parkway E
  • City: Columbus
  • State, or Country if outside the US: Ohio
  • Zip Code: 43608

Submitted By

  • Name: Jason Beach
  • Title: Counsel
  • Firm name (if different than entity): Hunton Andrews Kurth LLP
  • Telephone Number: 4048884219
  • Email Address: jbeach@HuntonAK.com
  • Relationship to entity whose information was compromised: External counsel

Breach Information

  • Total number of persons affected (including residents): 7103
  • Total number of Maine residents affected: 1
  • If the number of Maine residents exceeds 1,000, have the consumer reporting agencies been notified:
  • Date(s) Breach Occured: 06/20/2021 to 06/25/2021
  • Date Breach Discovered: 06/23/2021
  • Description of the Breach:
    • Other
    • If other, please specify: On June 23, 2021, Bath & Body Works Direct, Inc. (“BBW”) learned that an unauthorized party gained access to personal information in certain BBW online, loyalty accounts with associated gift card information from approximately June 20, 2021 to June 25, 2021. BBW believes that the individual capitalized on a breach of another company’s system where the customer may have used the same login information. The personal information that could have been accessed by the unauthorized party was the viewable information in the customer’s BBW online loyalty account including, for example, name, email address, mailing address (if entered), birth day and month (not year), telephone number, loyalty account number, and any gift card number and gift card PIN linked to the online account. If the customer elected to save payment-card information through their online account, only the last four digits of the payment card saved would have been visible. Purchases made in BBW stores are not impacted. There is 1 Maine resident affected by this issue with an online account and associated gift card. Promptly after learning of the issue, BBW took steps to secure the accounts and determine the nature of the incident. BBW is coordinating with law enforcement. BBW has disabled affected customers’ passwords for the affected online accounts, and has asked them to make new passwords, including for any other accounts for which they use the same or similar username and password. BBW also is addressing gift card balance validation with its customers. Out of an abundance of caution, BBW has arranged to provide potentially affected shoppers with free identity protection service for one year.
  • Information Acquired - Name or other personal identifier in combination with:

Notification and Protection Services

  • Type of Notification: Electronic
  • Date(s) of consumer notification: 08/10/2021
  • Copy of notice to affected Maine residents: BBW -- Customer Notification - 8-10-21.pdf
  • Date of any previous (within 12 months) breach notifications:
  • Were identity theft protection services offered: Yes
  • If yes, please provide the duration, the provider of the service and a brief description of the service: Out of an abundance of caution, BBW has arranged to provide potentially affected customers with free identity protection service through Experian for one year.