Emma Sleep customers in data breach rude awakening

emma mattressCustomers of bed and mattress specialist Emma Sleep UK might not be getting much shut-eye in the days and weeks ahead after the company has admitted to suffering a British Airways-style online attack, enabling hackers to skim credit or debit card data from its website.

Customers are being told about the breach via email, with the business saying it was “subject to a cyber attack leading to the theft of personal data”.

The email adds: “This was a sophisticated, targeted cyber-attack on the checkout process on our website and personal information entered, including credit card data, may have been stolen, whether you completed your purchase or not.”

The company has confirmed that it was a so-called “Magecart attack” via the Adobe Magento ecommerce platform, affecting customers in 12 countries.

It is the same technique used to steal the credit and debit card data of 40 million British Airways customers’ data in 2018, which ultimately led to a £20m fine from the UK Information Commissioner’s Office.

Emma Sleep CEO, Dennis Schmoltzi, confirmed in a statement to that the cyber-attack had occurred between January 27 2022 and March 22 2022.

Schmoltzi added: “Personal customer information, including credit card data, was stolen. While we never process or store credit card data ourselves, the type of attack was redirecting information as it was typed into form fields in the browser of the user. As of today, we are not aware of any successful abuse of this data.

“As soon as we became aware of this attack, we took immediate action to remove the threat and ensure the security of data, launched a full investigation, and reported this to the relevant authorities, including the police. We also directly contacted all those customers who may have been affected.”

Related stories
No going back: Brits even more ruthless over data loss
Robert Dyas online store raided in card skimming hack
Hotel hell: Fresh Marriott data breach hits 5.2 million
Maasdam busters: Netherlands is EU cybercrime capital
Hack attack fears push UK cyber security to over £8bn
BA ‘humiliates’ ICO by slashing £183m fine to £20m
Fresh delay to Marriott and BA fines fuels ICO criticism
BA and Marriott block £282m GDPR fines – yet again