Hackers hold Superdrug customer data to ransom

Superdrug customers have been told to change their online passwords after the retailer was hacked.

Hackers contacted it on Monday evening, saying they had obtained details on approximately 20,000 customers. So far, Superdrug has seen 386 of those accounts compromised. A spokeswoman commented: “The hacker shared a number of details with us to try and ‘prove’ he had customer information – we were then able to verify they were Superdrug customers from their email and log-in.”

Also of interest: 10m customers affected by Dixons Carphone data breach

Superdrug said on Facebook that it was communicating with Superdrug.com customers and that, while the incident does not include payment card information, it could involve their names, addresses and, in some instances, date of birth, phone number and points balances.

"As a security precaution we have advised all customers to change their online passwords. We are aware that some customers are experiencing difficulties in doing so - we appreciate this is very frustrating and we are doing everything we can on this," it commented.

It added: “We take our responsibility to protect your personal information very seriously and that is why we have let our customers know as soon as we could. We have contacted the Police and Action Fraud (the UK’s national fraud and cybercrime arm) and will be offering them all the information they need for their investigation.”

List of shame

"This is another blow to our collective privacy. There is a laundry list of names of the biggest corporations in the world that have been dealt a collective knock down over the years whether it be Equifax, Anthem, Target, Heartland or eBay, to name a few,” says Sam Curry, Chief Security Officer at Cybereason.

"We know the list of companies suffering breaches where personal information of their customers was compromised is in the thousands. The reality is that the cost to gain information on consumers has plummeted and should be at the forefront of the debate. Today, every consumer should be working under the assumption that their personal information has been compromised many times over, and the latest Superdrug hack is a reminder that they should watch their identities and credit for abuses."

Sign up for our free retail technology newsletter here.

Featured
Interview: Marco Nardone, CEO and Founder, Wineapp
Interview: Marco Nardone, CEO and Founder, Wineapp
Interview: Tyler Gottstein, CEO and Co-founder, Cadi
Interview: Tyler Gottstein, CEO and Co-founder, Cadi
Asda wins RTIH bricks and mortar innovation award
Asda wins RTIH bricks and mortar innovation award
Interview: Keiran Hewkin, Co-founder, Swyft
Interview: Keiran Hewkin, Co-founder, Swyft
Interview: David Lawson, Managing Director, AO Retail
Interview: David Lawson, Managing Director, AO Retail
OnBuy boss talks 2020 successes and 2021 plans
OnBuy boss talks 2020 successes and 2021 plans
Interview: Gregoire Mercusot, Materials Engineer, Decathlon
Interview: Gregoire Mercusot, Materials Engineer, Decathlon
Interview: Tarisa Parrish, CEO, All Tee, All Shade
Interview: Tarisa Parrish, CEO, All Tee, All Shade
Interview: Dave Ashwell, MD, AO Logistics
Interview: Dave Ashwell, MD, AO Logistics
Startup interview: Sophie Baron, Founder, Mamamade
Startup interview: Sophie Baron, Founder, Mamamade
CybercrimeStaff WriterSuperdrug, Cybercrime, Hacking, Fraud, Security, Online retailComment