United Kingdom-based online optical retailer Vision Direct has become the latest victim of a cyber-attack after hackers breached its website and stole customer data, including financial data. The firm said in a release that customers who either placed an order or updated their financial details between 12.11am on 3 November and 12.52pm on 8 November may have had their details compromised.
“The stolen data included personal and financial details of customers logging in and making changes on the VisionDirect.co.uk website. Vision Direct has taken the necessary steps to prevent any further data theft, the website is working normally, and we are working with the authorities to investigate how this theft occurred,” Vision Direct stated in a notification. The compromised data includes customers' names, phone numbers, email addresses and passwords, as well as card numbers, expiry dates and CVVs.
“This data was compromised when entering data on the website and not from the Vision Direct database. The breach has been resolved and our website is working normally,” the notification read.
Payment details already stored in the database were not affected unless they were used to make a transaction during that period. “There is no risk of data already stored in our database. The breach only impacted new information added or updated on the VisionDirect.co.uk website between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018,” it said.
Customers who used PayPal to make their transactions are not affected, while those who paid with Visa, Mastercard or Maestro cards are at risk. The retailer apologised and asked customers to contact their respective banks and follow their instructions.
According to the BBC, nearly 6,600 customers may have had their financial data compromised, while,700 people had personal data exposed. “This particular breach is known as Shoplift and was already known to our technology team, who installed a patch provided by our web platform provider to prevent this form of malware,” a spokeswoman for Vision Direct told the publication. “Unfortunately, this current incident appears to be a derivative against which the patch proved ineffective. We are continuing to investigate the breach and have made numerous steps to ensure this does not happen again.”