A security researcher was able to gain full access to the Slickwraps web site using a path traversal vulnerability in an upload script used for case customizations. The researcher claims they were able to access the resumes of employees, 9GB of personal customer photos, API credentials, ZenDesk ticketing system, and personal customer information such as hashed passwords, addresses, phone numbers, and transactions. The breach has since been taken down by Medium.org, but is still available via archive.com.
Source: https://www.bleepingcomputer.com/news/security/slickwraps-data-breach-exposes-financial-and-customer-info/