Apparel company FullBeauty Brands over the weekend confirmed it notified at least 1,191 people of an October 2025 data breach that compromised names and Social Security numbers.
The attorneys general of Texas and New Hampshire disclosed that FullBeauty notified 1,185 people and 6 people in their respective states.
A cybercriminal group called Everest took credit for the breach in mid-November. On November 24, Everest intentionally leaked all of the supposedly stolen data on its website after it said FullBeauty failed to respond by the ransom deadline.
FullBeauty Brands has not acknowledged Everest’s claim, and Comparitech cannot verify the authenticity of the data. We do not know how attackers breached FullBeauty’s network, if FullBeauty paid a ransom, or how much Everest demanded. Comparitech contacted FullBeauty for comment and will update this article if it replies.
“On October 22, 2025, FullBeauty Brands, Inc. (“FBB”) experienced a cybersecurity incident that involved portions of their internal computer network,” says FullBeauty’s notice (PDF) to victims.
“Through this investigation, FBB determined that an unauthorized person
gained access to their network between October 18, 2025, and November 19, 2025, and acquired copies of a subset of the company’s files. FBB reviewed the copied files, and on November 14, 2025, determined that some of the files contained employment-related information.”
FullBeauty is offering eligible victims one year of free credit monitoring and identity theft protection via Experian.
Who is Everest?
Active since 2020, Everest is a ransomware gang and initial access broker. Its victims include NASA, the Brazilian government, and multiple hospitals and clinics. The group went quite in 2022 and 2023 but resurfaced in 2024.
In 2025, Everest claimed responsibility for 15 confirmed ransomware attacks, plus 69 unconfirmed attacks that haven’t been publicly acknowledged by the targeted organizations.
In another high profile attack claim this week, apparel company Under Armour said it is investigating a 343 GB data leak posted by Everest.
Ransomware attacks on US retailers
Comparitech researchers logged 23 confirmed ransomware attacks on US retailers in 2025. Those attacks compromised more than 126,000 personal records.
Ransomware attacks on retailers can both steal data and lock down computer systems, disrupting day-to-day businesses such as logistics, communications, accounting, and more. Retailers must either pay a ransom to restore systems and secure stolen data, or else they face extended downtime, permanent data loss, and putting data subjects an increased risk of fraud.
About FullBeauty Brands
FullBeauty Brands is an umbrella company encompassing more than a dozen clothing brands including Woman Within, Roaman’s, Catherines, Avenue, Jessica London, ellos, June+Vie, ELOQUII, swimsuitsforall, Brylane Home, KingSize, CUUP, Dia & Co, and OneStopPlus.com. It has locations in New York City, Indianapolis, and El Paso.
