Hacker claims to have stolen details of 20,000 Superdrug customers
Superdrug’s website has been targeted by a hacker claiming to have obtained details of “approximately 20,000 customers”, the multiple has confirmed.
Superdrug was contacted by the individual on Monday (August 20) evening, who was seeking ransom after claiming to have obtained customers’ online shopping details, the multiple told C+D.
Customers’ names, addresses and, “in some instances”, dates of birth, phone numbers and “points balances” may have been accessed, Superdrug said this morning (August 22).
“No payment card information has been compromised,” it stressed.
“We believe they obtained customers’ email addresses and passwords from other websites and then used those credentials to access accounts on our website,” Superdrug said.
The hacker’s claim that around 20,000 customers have been affected “has not been confirmed”, the multiple added.
“There have been no signs of a hack of our systems” and “the 386 accounts that were shared by the individual as proof of the attack were accounts that had been obtained in previous hacks unrelated to Superdrug”, it said.
“No evidence” of Online Doctor impact
Superdrug told C+D it has “no evidence to suggest” customers of the multiple’s online doctor service were impacted by Monday’s attack.
It has contacted the UK's national fraud and cyber crime reporting centre and notified customers it believes may have had their accounts accessed, it said.
It is also advising online users to regularly change their passwords.
“We are aware that some customers we contacted and asked to change their passwords had difficulty logging in due to the number of people who are using the website, and we apologise for any inconvenience caused,” Superdrug said.
Notices to customers on Twitter
To customers who have received an email from us today, this email is genuine. We recommend you follow the steps we outlined.— Superdrug (@superdrug) August 21, 2018
Last year, the NHS was targeted by a global 'ransomware' attack, which resulted in patients being diverted away from hospitals, operations cancelled and clinicians unable to access patient records or use phone lines. Read how pharmacists were left to pick up the pieces after the cyber attack left many GP surgeries unable to send prescriptions here.