³ÉÈË¿ìÊÖ

Superdrug's online customers targeted by criminals

  • Published
A Superdrug outletImage source, Superdrug
Image caption,

Superdrug will open 30 new stores across the UK and Ireland this year

Superdrug has warned its online customers to change their passwords after criminals claimed to have obtained their personal details.

The chain said the group claimed they had stolen details of 20,000 customers, but it had only seen evidence so far that 386 customers had been affected.

Names, addresses and "in some cases" date of births and phone numbers "may have been accessed", Superdrug said.

No customers' payment card details had been accessed, it said.

Superdrug said there was "no evidence" its systems had been compromised.

It said it believed the criminals had got customers' email addresses and passwords from other websites "and then used those credentials to access accounts on our website".

The group had tried to extort a ransom from Superdrug, it said.

The retailer said it had "notified directly" all customers which it believed had been affected.

It also posted a tweet, telling customers the email they sent was "genuine".

This Twitter post cannot be displayed in your browser. Please enable Javascript or try a different browser.
The ³ÉÈË¿ìÊÖ is not responsible for the content of external sites.
Skip twitter post by Superdrug

Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read and before accepting. To view this content choose ‘accept and continue’.

The ³ÉÈË¿ìÊÖ is not responsible for the content of external sites.
End of twitter post by Superdrug

Some customers reacted with anger to the tweet, saying the chain should have apologised.

This Twitter post cannot be displayed in your browser. Please enable Javascript or try a different browser.
The ³ÉÈË¿ìÊÖ is not responsible for the content of external sites.
Skip twitter post 2 by Claire Lagan

Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read and before accepting. To view this content choose ‘accept and continue’.

The ³ÉÈË¿ìÊÖ is not responsible for the content of external sites.
End of twitter post 2 by Claire Lagan
This Twitter post cannot be displayed in your browser. Please enable Javascript or try a different browser.
The ³ÉÈË¿ìÊÖ is not responsible for the content of external sites.
Skip twitter post 3 by Chris Wilson

Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read and before accepting. To view this content choose ‘accept and continue’.

The ³ÉÈË¿ìÊÖ is not responsible for the content of external sites.
End of twitter post 3 by Chris Wilson

Superdrug said it had informed the police as well as the UK's national fraud and cyber-crime arm, Action Fraud, about the issue.

"We… will be offering them all the information they need for their investigation," they said.

Cyber attacks are a growing threat for companies.

Last year, Dixons Carphone, which owns Carphone Warehouse and Currys PC World, suffered a huge data breach involving 10 million customers.

In 2015, TalkTalk was hit by a cyber attack which led to the theft of the personal data of nearly 157,000 customers.

The telecoms firm was fined £400,00 for the breach, with the Information Commissioner's Office saying security was so poor that the attack succeeded "with ease".