On November 19th, UK-based online optical retail chain VisionDirect revealed that some of its customers’ data was stolen in early November 2018. This data breach affected customers who logged in to their accounts and updated their personal or payment information, or ordered products via the company’s UK website, between November 3 and November 8.
Compromised data includes customers’ full names, billing addresses, email addresses, passwords, phone numbers, and payment card information, including card number, expiration date, and CVV. Even though the company caters to customers in Italy, Belgium, France, Ireland, the Netherlands, and Spain, only the UK site was affected.
The company confirmed that any personal data that was previously stored in its database was not impacted by the breach. If users made payments using Visa, Mastercard, or Maestro cards during the specified period, their card information was likely compromised. Customers using PayPal during the breach won’t have to worry about stolen credit card information; however, their personal information including name and address might have been accessed.
Vision Direct did not give any indication about who was behind the breach or how the attackers were able to collect customers’ confidential data. However, researchers have been speculating on Twitter that cybercriminal group Magecart could be the mastermind behind the attack. Magecart is known for injecting scripts into e-commerce websites to steal data entered into online payment forms.
Vision Direct has confirmed that it has taken steps to prevent further data theft. The website is functioning as usual, and the concerned authorities have been notified to investigate the theft. Vision Direct has instructed potential victims of the breach to monitor their accounts for identity theft.
Don't want to make the news for the wrong reasons? Download ManageEngine Log360, the tool that can help combat internal and external security attacks.
Log360, our comprehensive SIEM solution, helps organizations:
You will receive weekly cybersecurity news soon!
2022 Zoho Corporation Pvt. Ltd. All rights reserved.