They were contacted by a group of hackers who claimed to have obtained the details of 20,000 customers, including names, address, dates of birth and phone numbers.
Superdrug has urged customers to change their passwords after the attack and said that they had seen evidence of 386 comprised accounts.
The company said the information stolen did not include payment card information.
“We believe the hacker obtained customers’ email addresses and passwords from other websites and then used those credentials to access accounts on our website. We take our responsibility to protect your personal information very seriously and that is why we have let our customers know as soon as we could. We have contacted the police and Action Fraud [the UK’s national fraud and cyber-crime arm] and will be offering them all the information they need for their investigation.”
This attack echoes that on Dixons Carphone, which is thought to have had personal data belonging to 10 million customers illegally accessed, making it one of the biggest-ever data breaches.
If your company’s data was breached, would you know what to do?
If your cyber security is poor, you could face fines and loss of confidence from customers.
By becoming Cyber Essentials certified, you can showcase that your organisation takes a proactive stance against malicious cyber attacks.
The National Cyber Security Centre states that undertaking the Cyber Essentials certification process and implementing even one of the five controls required by Cyber Essentials can protect businesses from around 80% of attacks.