Nuna Baby Essentials has disclosed a data breach that went undetected for nearly five months, potentially exposing sensitive information of more than 16,000 consumers.
What happened
On February 3, 2025, Nuna Baby discovered it had been the victim of a cyberattack. An investigation revealed unauthorized access to the company's computer systems dating back to September 8, 2024, during which time an intruder could access and potentially copy confidential consumer files.
What's new
The Pennsylvania-based baby gear company began sending notification letters on February 21st to 16,676 affected individuals. The company also filed a notice with the Maine Attorney General's office, as required by law.
What they're saying
While Nuna Baby has not specified exactly what types of personal information were compromised, the company has launched an investigation with third-party cybersecurity experts to determine the full scope of the incident.
The big picture
This incident raises broader concerns about cybersecurity in the retail sector. The nearly five-month gap between the initial breach and its discovery shows vulnerabilities in monitoring systems and the challenges companies face in detecting unauthorized access. As more retailers collect consumer data for online sales and marketing, securing that information becomes increasingly important.
Looking ahead
Multiple law firms, including Console & Associates and Levi & Korsinsky, have announced investigations into the breach to determine what damages consumers sustained and what compensation may be available. The firms are evaluating potential class action lawsuits on behalf of individuals who received data breach notifications from Nuna Baby.
FAQs
What information was exposed?
The company has not publicly specified the types of compromised data, but affected individuals should carefully review their notification letters for details about their specific exposure.
What should affected consumers do?
Security experts recommend monitoring financial statements, reviewing credit reports, and considering credit freezes through major credit bureaus.
How will consumers be notified?
Nuna Baby is sending written notification letters to all affected individuals whose information was compromised in the breach.
