Vision Direct suffered a data breach impacting customers’ personal and financial data
- The details compromised include payment card information such as card numbers, CVV numbers and expiry dates.
- The personal information stolen in the breach includes customers’ names, billing addresses, email addresses, passwords and telephone numbers.
UK-based contact lens supplier, Vision Direct suffered a serious data breach that may have lead to the compromise of personal and financial details of some of its customers. The number of customers impacted by the breach is currently unknown.
The breach saw hackers steal customers’ personal information including names, billing addresses, email addresses, passwords and telephone numbers. It is not clear if the passwords were stored in plaintext or in hashed format.
According to a notification statement released by the firm, the breach occurred between November 3 and November 8, 2018. Customers who logged in or created a new account between 12:11 am GMT on 3rd November and 12:52 pm GMT on 8th November may have been affected by the breach.
The details compromised include payment card information such as card numbers, CVV numbers and expiry dates. Customers who made payments via Visa, Mastercard or Maestro may also have been impacted by the breach. However, any personal data that has been updated or was available in the company’s database prior to November 3 and after November 8 was not compromised.
“As the information was compromised as it was being entered into the site, any existing personal data that was previously stored in our database was not affected by the breach. All payment card data is stored with our payment providers and so stored payment card information was not affected by the breach,” Vision Direct said in a statement.
“All customers that logged in or updated their details between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018 inclusive were affected. Nobody was affected before or after these dates and times. This includes new customer accounts created during this time period,” the firm added.
The firm has started to notify the affected customers. A separate email has been sent to each customer urging them to change their account password. At present, the incident has been resolved and the website is back to normal.