Fine art printing service provider Pixtura investigates alleged breach involving customer bank and ID data

Pixtura, an Italy-based fine art printing service provider, came under scrutiny after attackers claimed to have breached the company’s systems and stolen thousands of bank account numbers and identification documents. The claim surfaced on a widely used data leak forum where stolen information is frequently traded.

A sample of the purported data showed user emails, hashed passwords, full names, phone numbers, bank account IBANs, and ID numbers. The sample indicated that not every record contained all data types, with email addresses appearing far more frequently than bank account details. The IDs included in the sample appeared to be legitimate.

The leaked information suggested that customers who made online purchases were affected. No payment card data appeared in the sample. Some of the exposed passwords were hashed using insecure methods such as MD5 and SHA-256, both vulnerable to cracking attempts, while others used Bcrypt, a more secure standard.

Individuals with exposed IBANs face elevated risks because attackers could attempt to impersonate account holders to gain control of financial accounts or commit other forms of financial fraud. Identity theft attempts could also arise where IDs, emails, and phone numbers appeared together in the same record.

The publication contacted Pixtura for comment and is awaiting a response. The incident emerged during a period of heightened cyberthreat activity as the Black Friday shopping season approaches. Recent analysis showed a surge in Black Friday-themed phishing attempts, with malicious emails representing roughly 8 percent of all observed messages at the start of November. While large e-commerce brands attract significant malicious attention, smaller platforms also face increased targeting due to typically lower security resources.