Old school hardware chain Robert Dyas may have been quick to lock down its retail outlets following the Covid-19 outbreak, but, it seems, its online data security measures have not been quite so robust after it admitted to being hit by a data breach exposing customers’ personal and financial information.
The retailer closed all its stores on March 23, but its website remained open. In fact, it was so busy that Robert Dyas was forced to introduce a minimum order spend of £50.
Seven days later, on March 30, Robert Dyas said it became aware of the security incident and claims it immediately took steps to block malicious card skimming software.
It has now emailed all affected customers but there is no notice of the attack on the company’s website.
A preliminary investigation has revealed that “an external third party” was able to access customer data on transactions made for over three week period between March 7 and March 30. It enabled hackers to steal the card numbers, expiry dates and, even more damaging, the CVV code of customers’ debit/credit cards.
The incident has been reported to the police as well as the Information Commissioner’s Office. Robert Dyas has also appointed a payment card industry forensic investigator.
A spokesperson said: “We are deeply sorry for the concern and inconvenience this illegal activity has caused some of our customers.”
The company is now advising its customers to contact their banks and credit card providers and to check their account statements for any suspicious activity.
Maasdam busters: Netherlands is EU cybercrime capital
Storm clouds gather over Travelex for hack blackout
17,000 Tesco customers hit by Travelex data breach
Top tourist attractions hit by 110m data theft attacks
Half of UK firms would pay ransom to avoid GDPR fine
Over 40% of firms suffered cyber breach in past year
Firms warned over new wave of nefarious cyber attacks
TNT Express rocked as cyber attack wipes out $300m