Back to Data breach

Data breach

VisionDirect data breach leaks customers' financial information.

On November 19th, UK-based online optical retail chain VisionDirect revealed that some of its customers’ data was stolen in early November 2018. This data breach affected customers who logged in to their accounts and updated their personal or payment information, or ordered products via the company’s UK website, between November 3 and November 8.

Compromised data includes customers’ full names, billing addresses, email addresses, passwords, phone numbers, and payment card information, including card number, expiration date, and CVV. Even though the company caters to customers in Italy, Belgium, France, Ireland, the Netherlands, and Spain, only the UK site was affected.

Extent of the data breach.

The company confirmed that any personal data that was previously stored in its database was not impacted by the breach. If users made payments using Visa, Mastercard, or Maestro cards during the specified period, their card information was likely compromised. Customers using PayPal during the breach won’t have to worry about stolen credit card information; however, their personal information including name and address might have been accessed.

Vision Direct did not give any indication about who was behind the breach or how the attackers were able to collect customers’ confidential data. However, researchers have been speculating on Twitter that cybercriminal group Magecart could be the mastermind behind the attack. Magecart is known for injecting scripts into e-commerce websites to steal data entered into online payment forms.

Vision Direct has confirmed that it has taken steps to prevent further data theft. The website is functioning as usual, and the concerned authorities have been notified to investigate the theft. Vision Direct has instructed potential victims of the breach to monitor their accounts for identity theft.

Don't want to make the news for the wrong reasons? Download ManageEngine Log360, the tool that can help combat internal and external security attacks.

How can ManageEngine help in situations like these?

Log360, our comprehensive SIEM solution, helps organizations:

  • Detect cross-site scripting (XSS) attacks, malicious file installation, DoS attacks, SQL injection, and more with its real-time correlation engine. The solution also notifies you instantly upon an attack or attack attempt and provides detailed investigation reports to prevent future attacks.
  • Spot potential intrusions or unauthorized network access attempts by malicious sources.
  • Detect potential insider threats with the user behavior analytics engine powered by machine learning.
  • Monitor user activity within a database; database transactions; account and permission changes in database servers; and more.
  • Track file creation, modification, and deletion in real time, and generate alerts on security and permission changes to documents in folders and shares.

Get started with Log360.

log-management-real-time-active-directory-change-auditing

Latest DoS and DDoS attacks

Latest Brute force attack

Latest Crypto ransomware

Latest Advanced persistent threat (APT)

Compliance violation

Stay In The Know

Subscribe to our digest to get your weekly dose of cyber security updates straight to your inbox.

Please enter a business email id
 

By clicking 'I’m interested', you agree to processing of personal data according to the Privacy Policy

© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.