Superdrug has become the latest high-profile brand to be hit by a major data breach, with hackers claiming to have accessed the online accounts of up to 20,000 customers.
The information which has been compromised includes names, addresses, date of birth and phone numbers, but Superdrug has stressed no credit card details have been accessed. The health and beauty retailer has urged customers to change their passwords.
The company has tried to gloss over the issue by claiming there is no evidence to suggest its systems have been hacked, insisting the criminals must have purloined email addresses and passwords from other sites and used them to log into their Superdrug accounts.
After trying to prove that it had access to the accounts, the hacking group allegedly tried to extort a ransom.
In a statement, the company said: “We are very sorry for the inconvenience and concern this has caused.
“We take our responsibility to protect your personal information very seriously and that is why we have let our customers know as soon as we could.”
Superdrug said it had contacted the police and Action Fraud and will be offering their full co-operation with the investigation.
Butlin’s customer holiday plans exposed in online raid
Bosses finger youngsters for data loss but are guilty too
Top brands caught with trousers down on email security
Firms warned over new wave of nefarious cyber attacks
UK firms ‘leaving themselves wide open to ransomware’
Millions of Instagram users hit by major hack attack
Data breach at games giant CeX hits 2m customers
Data breaches ‘hit shares, sales and growth for years’
20,000 Tesco Bank accounts raided in hack attack