The Maxwell Scott Bags Breach Put 79,000 Stolen Customer Records Online in 2024

In October 2024, Maxwell Scott Bags, a UK-based luxury leather goods retailer, suffered a database breach that exposed the personal information of nearly 80,000 customers. The leaked dataset included full names, email addresses, and physical home addresses, creating a multi-layered risk for everyone whose data was compromised. If you shopped with Maxwell Scott Bags before this incident, your contact details may already be in the hands of cybercriminals.

Why This Is Dangerous

Retail customer databases are prized targets because they combine verified identities with real-world contact information. When physical addresses are exposed alongside names and emails, attackers can pivot from purely digital fraud to physical mail scams, package interception, and geographically targeted social engineering. Luxury brand customers are frequently targeted for high-value fraud because they are known to make premium purchases.

What Was Exposed

• Email addresses -- used for phishing and account takeover attempts
• First and last names -- enable personalized, convincing fraud
• Physical home addresses -- open the door to mail fraud and physical targeting

Records exposed: 79,193 | Breach type: Database | Date leaked: October 2024 | Country: United Kingdom

Why This Matters

Even without passwords, this data bundle is actionable for criminals in several ways:

• Phishing campaigns: Attackers send convincing emails impersonating Maxwell Scott Bags, couriers, or banks, knowing they have the right name and address.
• Identity theft: Full name plus address plus email is often enough to open fraudulent accounts or pass verification checks.
• Account takeover: Attackers combine this data with credentials from other breaches to access accounts where victims reused passwords.
• Direct mail fraud: Physical address data enables targeted scam letters, fake invoices, or parcel interception schemes.

How a Database Breach Works

A database breach occurs when an attacker gains unauthorized access to the back-end data store of a website or application. Common entry points include SQL injection vulnerabilities in the site's web layer, misconfigured database servers exposed to the public internet, compromised admin credentials obtained through phishing, and insecure third-party integrations. Once inside, an attacker can export the entire customer table in minutes. The data is then typically sold or shared on dark web forums and Telegram channels, where other criminals use it for follow-on attacks.

Check If You Are Affected

Heroic's database contains over 400 billion breached records, making it one of the most comprehensive breach search tools available. Run a free check to find out whether your email address appears in the Maxwell Scott Bags breach or any other known data leak.

Search your email now at Heroic.com -- free, instant, and private.