Revolution Dancewear Breach Exposes Data of Nearly 6,000 U.S. Individuals, Including 183 in Maine

Revolution Dancewear systems experienced unauthorized access for nearly three weeks, impacting the personal data of 5,841 individuals across the U.S., including 183 in Maine.

Revolution Dancewear, a global supplier of dance apparel and accessories, recently confirmed a data breach affecting thousands of its customers. An unauthorized party accessed internal systems for an extended period, leading to a compromise of sensitive personal information.

An unauthorized entity gained access to Revolution Dancewear's internal systems from March 16, 2025, through April 3, 2025. This intrusion prompted an internal investigation with third-party cybersecurity experts. On March 17, 2026, the company confirmed that personal information had likely been compromised due to this access. The exposed data includes first and last names, dates of birth, Social Security numbers, financial account details, and credit or debit card numbers. Driver’s or state license numbers, handwritten or electronic signatures, health-related information, and health-related financial information were also impacted. Further exposed data points include IP addresses, individual taxpayer identification numbers, passport numbers, and social insurance numbers. Approximately 5,841 individuals in the United States were affected by this incident. This total includes 183 individuals residing in Maine.

The scope of compromised data presents significant risks for affected individuals, ranging from identity theft to financial fraud. Exposed Social Security numbers, financial account details, and driver’s license numbers provide ample data for malicious actors. Individuals potentially impacted should remain vigilant. They should monitor financial statements and credit reports for suspicious activity. Placing a fraud alert or freezing credit can also provide protection against unauthorized account openings.

### What Defenders Should Do

This incident highlights the critical need for robust security postures and timely incident response. Organizations must implement multi-factor authentication (MFA) across all internal systems to deter unauthorized access. Regular security audits and penetration testing can identify vulnerabilities before exploitation. Companies should also develop and frequently test an incident response plan. This plan includes clear steps for detection, containment, eradication, recovery, and post-incident analysis. Prompt discovery and disclosure timelines also enhance an organization's ability to mitigate potential harm and meet regulatory requirements. Monitoring internal network traffic for anomalous behavior, consistent with MITRE ATT&CK Tactic TA0009 (Collection) or TA0007 (Discovery), can aid early detection of unauthorized presence. Implementing endpoint detection and response (EDR) solutions strengthens defenses against persistent threats. Organizations and individuals must remain vigilant in an evolving threat landscape, prioritizing robust security measures and prompt incident response to protect sensitive data moving forward.