Walmart data breach: what happened, who was affected, and how to protect your account

Cyberattacks against retailers around the world are on the rise, putting customer data at risk. As part of this troubling trend, Walmart experienced multiple security breaches in 2023 and 2024. The Walmart data breach incidents involved vendor error, insider abuse, phishing, credential stuffing, and minor technical issues.
This article will break down what happened during the 2023–2024 Walmart cyber attack and data leak incidents, who was affected, and what types of information were exposed. We’ll also share steps you can take to protect your Walmart account and personal data going forward.
Was Walmart hacked recently?
While Walmart did have a few security mishaps in 2023 and 2024, the most recent one wasn’t a direct hack into Walmart’s own systems but rather a vendor’s email error that exposed employee Social Security Numbers.
Before that, an insider abused Walmart’s systems to commit payroll fraud, and there was a successful phishing attack possibly involving credential stuffing. In both cases, customer and employee data were put at risk.
Overview of recent Walmart security incidents

Merrill Lynch 401(k) data leak
Merrill Lynch, Bank of America’s investment and wealth management division, operates retirement plans for Walmart employees. In April 2024, a Merrill employee accidentally exposed sensitive information by emailing full names and Social Security numbers to an unauthorized recipient.
This mistake affected 1,883 Walmart workers enrolled in the 401(k) plan. Merrill discovered the error within six days, notified Walmart, and confirmed that the email had been deleted. So far, there are no signs the exposed information has been misused.
Payroll system abuse
Between September 2023 and March 2024, a Walmart employee gained unauthorized access to the company’s management and payroll system and committed payroll fraud. They accessed other colleagues’ accounts and changed payroll details to redirect payments to a fraudulent account.
The employee management accounts also contained sensitive information. As a result, this Walmart data leak exposed names, dates of birth, phone numbers, email and mailing addresses, Social Security numbers, and bank account and routing numbers.
Spark Driver portal breach
Another Walmart data breach happened between December 2023 and February 2024. Hackers gained access to Walmart’s Spark Driver app and, within those two months, compromised over 200 driver accounts.
Spark Driver is a Walmart portal used by independent contractor drivers to deliver orders. Walmart emphasized it wasn’t an attack on their systems, but an account takeover incident that probably involved a mix of phishing and credential stuffing.
The hackers exposed the drivers’ sensitive information, including names, dates of birth, phone numbers, email and mailing addresses, Social Security numbers, and driving license numbers. Walmart informed the authorities about the incident and notified the affected drivers.
How Walmart responded to the security incidents
After the April 2024 data leak, Merril Lynch notified Walmart and submitted a formal notice to the Maine Attorney General. Together, the two companies mailed notification letters to the affected Walmart employees. Everyone got 2 years of free credit monitoring through Experian IdentityWorks.
Following the payroll incident, Walmart secured the compromised employee accounts and launched an investigation. They fired the employee who committed this fraud and reported it to law enforcement. Affected employees were notified by mail and offered two years of complimentary credit monitoring.
The Sparks Driver app incident also prompted cybersecurity improvements. The retail giant recovered the compromised accounts and introduced additional verification steps to access drivers’ sensitive information. Impacted drivers also received two years of free credit monitoring.
Despite these efforts, many customers were unhappy with customer support in light of all the Walmart data leaks.
Some were surprised by unauthorized charges to their bank accounts, without any trace in their Walmart order history. “The bank issued stop payments on the pending charges (I caught it before they processed). Walmart… refused to cancel the charges. Refused to stop future unauthorized charges. Refused to do absolutely anything. I got a wishy-washy promise that the billing department would probably e-mail me by tomorrow,” one Reddit user wrote.
Ongoing threats to Walmart users
Walmart accounts hacked
Online retail platforms are a frequent target for cybercriminals because they collect a mix of personal and financial information. Walmart accounts are also at risk due to the retailer’s popularity and limited account protection measures.
Other major retailers, like Amazon — which has also had its share of security lapses — have implemented two-factor authentication (2FA) to add extra protection, but Walmart has yet to introduce this feature. As a result, Walmart accounts are more vulnerable to credential stuffing, where attackers use previously leaked login credentials. through credential stuffing, for example, by trying out reused login credentials exposed in previous breaches. Phishing scams are also common.
A growing number of customers complain about their Walmart account takeovers. In many cases, people struggle to get proper support or refunds.
Identity theft and financial fraud
My wife logged onto her Walmart account today and noticed that hackers have been placing fraudulent orders since 2022…There are five credit cards as payment options on the account that we don’t recognize. The troubling thing is that they all show my wife’s name on the card.
Unfortunately, identity theft incidents are not rare. People affected by the Walmart cyber attacks have their personally identifiable information (PII) stolen. Hackers can use such sensitive information to open new credit cards or get loans in your name.
Fraudulent orders
Some Walmart customers were surprised to receive random products from Walmart after unauthorized orders were placed on their accounts.
“Hacker got into my Walmart account and ordered multiples (2 and 3) of the same body wash, deodorant, lotion, and had it delivered to my house with express delivery and tipped the driver almost $15. Total ended up being $190. Complained to the credit card company (Barclays) and they couldn’t help me because Walmart said the delivery address matches my credit card address.”, a Reddit user wrote.
You might be wondering: why would someone do this? There seems to be no gain for the criminal. But, fraudulent orders delivered to your address may be part of a larger scheme:
- Cybercriminals may want to test if your payment method works before taking larger sums of money.
- They might also want to generate a valid tracking number to show proof of shipping for another fraudulent purchase.
- Sometimes, they might just not want to alert the system. By ordering random products to your actual shipping address, they can get away with making larger purchases and shipping them to a different pick-up location.
What to do if your Walmart account was hacked and your data was exposed
Signs your account may have been compromised
Here is how to tell if your Walmart account was hacked:
- Strange orders or charges. If you notice items you didn’t order in your Walmart order history or see unauthorized charges from Walmart on your bank statement, it’s a clear red flag.
- Notifications of account changes. If you suspect your Walmart account was compromised, check your settings to make sure you receive email notifications for any changes. You might notice a new payment method or shipping address added.
- Delivery of items you didn’t order. If random products that you didn’t purchase show up at your door, it’s a strong sign your Walmart account may have been compromised.

Steps to take immediately
- Change your Walmart password. It’s safe to assume your password was compromised, so change it without delay. Use a complex and unique one. If you’ve used that password anywhere else, update those accounts as well.
- Remove saved payment methods. If you do this one time, it might prevent hackers from making orders in your name. Still, it’s possible that hackers have already scraped your financial information.
- Contact your bank to report fraud. Let your bank know they should be on the lookout for strange activity.
- Report to Walmart support and IC3.gov. Make sure to report the incident to Walmart and the Internet Crime Complaint Center (IC3.gov). They will hopefully be able to assist you and provide advice on what to do next.
- Review your credit reports and account statements. Check for any unfamiliar transactions, no matter how small they are. Keep a close eye on your transactions in the next few months.
- Check email exposure via HaveIBeenPwned. This tool allows you to see if your email address has been exposed in a data breach before.

How to protect your data from future breaches
Use strong, unique passwords
A complex and unique password is your first line of defense against cyberattacks. If you have trouble memorizing passwords for different platforms, use a password manager.
Turn on 2FA wherever possible
Think of multi-factor authentication as an extra layer of security. Even if fraudsters crack your password, they would get stuck without the 2FA code. You could receive the code through email or SMS, but it’s best to use a designated 2FA app.
Don’t save payment data unnecessarily
As convenient as it may be, try to fight the urge to save your payment methods on websites. This practice gives hackers direct access to your finances. Instead, manually insert your card details each time you make a payment.
Set up transaction alerts on your cards
Time is money when it comes to fraudulent transactions. If you catch unfamiliar charges early, you can dispute them and get your money back. So head over to your banking app settings and set up transaction alerts.
Beware of phishing and other scams
If an offer seems too good to be true, it’s likely phishing. It might come in the form of a fake email from Walmart or a call from a faux CS representative. Don’t click on links, download files, or reveal your sensitive information over the phone.

How Onerep helps reduce your personal data exposure
You might think that what you post or others share about you online is harmless. Who cares where you live, or what your relatives’ names are? For one, data broker websites. They collect all this information that can be used by cybercriminals to profile you, design targeted phishing attacks, or answer your security questions.
Onerep keeps your personal information away from prying eyes. Our tool scans over 230 data broker websites and lets you know which ones contain your information. We can get it taken down and keep monitoring these sites to ensure it stays that way. This protects you from targeted scams and ID theft.
Frequently Asked Questions
Was Walmart hacked today?
Walmart data leaks have become more frequent in the past couple of years. The latest attack occurred in April 2024. Although their core systems haven’t been breached yet, the company has been involved in a few other cybersecurity incidents.
How do I know if my Walmart account was hacked?
Look for telltale signs of a hacked Walmart (or any other online retailer) account. If you notice orders in your history or bank charges you didn’t make, or receive products you didn’t order, your account is likely compromised. Remember to stay calm and take steps to protect your account right away.
Has Walmart had previous data breaches?
Walmart suffered a few data leaks in 2023 and 2024, but none of them involved an actual breach of Walmart’s core systems. In April 2024, there was an incident related to Merrill Lynch. Between September 2023 and March 2024, a Walmart employee had access to their payroll system. The Spark Driver portal was compromised in December 2023 and February 2024.
Mikalai is a Chief Technical Officer at Onerep. With a degree in Computer Science, he headed the developer team that automated the previously manual process of removing personal information from data brokers, making Onerep the industry’s first fully automated tool to bulk-remove unauthorized profiles from the internet.