The number of J. Crew customers impacted by this incident is not stated, although the letter submitted to the State of California Department of Justice is a multi-state notification. Additionally, California law states that businesses are required to issue a security breach notification if it impacts more than 500 California residents.
Although J. Crew is a recent victim of a data breach, other retailers, including Hudson’s Bay and Macy’s, have also suffered hacks in recent years.