Personal and financial data entered by customers who ordered or updated information on the VisionDirect.co.uk website was compromised and stolen between November 3 and November 8, the London-based company warned in an updated online alert.
The data compromised included “full name, billing address, email address, password, telephone number and payment card information, including card number, expiry date and CVV,” according to Vision Direct.
Saved data was not affected and PayPal accounts used to pay for orders were not compromised, though Vision Direct said there is some risk that personal data like names and addresses were accessed.
“If you believe you may have been affected because you logged into your Vision Direct account or updated your personal or financial details on VisionDirect.co.uk between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018, we recommend you contact your bank or credit card provider and follow their advice,” the company said, noting that “the breach has been resolved and our website is working normally.”
Noting that financial information is “a high commodity for criminals” and as such, “will always be highly targeted,” Craig Young, computer security researcher for Tripwire’s Vulnerability and Exposure Research Team (VERT), said victims whose accounts were compromised “may be more impacted than you realize and it is imperative you locate and change the security details linked to the stolen credentials” and regularly monitor accounts for identity theft.
“Fortunately, credit cards have decent fraud detection technologies in place to limit an attacker’s use of your credit card, and anything that gets through can eventually be credited back to your account,” Young said.