Superdrug has revealed it has been contacted by hackers claiming to have accessed the details of 20,000 of its customers.
The health and beauty retailer posted on twitter warning its customers of the hack and it “may have resulted in the possible disclosure of some customers’ personal information”, advised its customers to change their online passwords, and said the Police and Action Fraud had been contacted to start an investigation into the hack.
It said that so far it has only confirmed 386 out of the 20,000 accounts had been compromised, and although customers’ names, addresses and in some cases dates of birth, phone numbers and points balances have been compromised, no payment or card information have been taken.
Superdrug’s statement reads: “Today we have been communicating with our Superdrug.com customers to advise them of an event which may have resulted in the possible disclosure of some customer’ personal information. This does not include payment card information but could include customers’ names, addresses and in some instances date of birth, phone number and points balances.
“As a security precaution we have advised all customers to change their online passwords. We are aware that some customers are experiencing difficulties in doing so – we appreciate this is very frustrating and we are doing everything we can on this.
“We are very sorry for the inconvenience and concern this has caused. If you have any questions please contact us on email@example.com.
“We take our responsibility to protect your personal information very seriously and that is why we have let our customers know as soon as we could. We have contacted the Police and Action fraud (the Uk’s national fraud and cyber-crime arm) and will be offering them all the information they need for their investigation.”