Superdrug has become the latest big-name high street brand to have suffered a breach of customer data, after hackers apparently tried to hold the firm to ransom.
The retailer has been sending emails out to those affected after reports suggested hackers contacted the firm on Monday to say they had data on 20,000 customers.
“The hacker shared a number of details with us to try and ‘prove’ he had customer information — we were then able to verify they were Superdrug customers from their email and log-in,” a spokeswoman told ITV News.
The firm has apparently confirmed the validity of over 300 compromised accounts but appears to be trying to minimize the fall-out.
Superdrug issued a tweet earlier this week to say that an email sent from them is genuine and that the steps outlined in it should be followed.
Data stolen reportedly includes:
- dates of birth
- phone numbers
- points balances
Financial information is not believed to have been breached. Superdrug maintains that its systems have not been compromised and that customer emails and passwords were instead obtained from breaches of other sites.
Superdrug claimed to have contacted the police and Action Fraud UK and has urged its customers to change the passwords on their accounts.
- Change the password for your Superdrug account - and for any other accounts with the same, or highly similar, passwords
- If Superdrug have emailed you, log in to your accounts via the Superdrug website, rather than clicking on an email link - scammers may still pretend to be the company, and send out scam emails to capture more information about you
- Be aware of any scam phone calls or text messages, as phone numbers are known to have been breached