Superdrug.com has advised online customers to change their online passwords as a security precaution after hackers claimed to have accessed customer information. The company described “an event which may have resulted in the possible disclosure of some customers’ personal information”.
The company said that a group had contacted them claiming they had stolen details of 20,000 customers, which they would sell unless they were paid a ransom.
Initial checks suggest that Superdrug systems do not appear to have been hacked directly, the company says. “We have worked with our independent IT security advisors who have confirmed that there have been no signs of a hack of our systems (for example, there has been no mass data download or extraction from our systems), they also confirmed that the 386 accounts that were shared by the individual as proof of the attack were accounts that had been obtained in previous hacks unrelated to Superdrug.”
“We take our responsibility to protect your personal information very seriously,” Superdrug told customers.
Data losses do not include payment card information, but could include customers’ names, addresses and, in some instances, date of birth, phone number and points balances, said Superdrug.
Sam Curry of cybersecurity analytics company Cybereason commented: “Today, every consumer should be working under the assumption that their personal information has been compromised many times over, and the latest Superdrug hack is a reminder that they should watch their identities and credit for abuses.”