Vision Direct Cyber Attack Exposes Valuable Customer Data
Vision Direct, Europe’s biggest online supplier of contact lenses, has suffered a cyber-attack exposing the data of 16,3000 customers.
Compromised data includes full name, billing address, email address, password, telephone number, and payment card information, including card number, expiry date and Card Verification Value (CVV).
The breach took place between 00:11 GMT on 3 November and 12:52 GMT on 8 November, and during this time frame, any users who were logged into the site placing orders or updating personal information were likely to have had their data stolen.
The company’s UK site was affected, as well as those in Ireland, the Netherlands, Spain, Italy, France and Belgium.
It’s believed the hackers were able to pull off the attack by placing a fraudulent Google Analytics script on the website. The malicious script enabled the criminals to skim sensitive information as it was entered by customers, rather than directly accessing the company’s database.
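A script placed this way can be caught by auditing which hosts a checkout page loads scripts from. The following added example (not from Vision Direct or its platform provider) checks each `<script src>` against an exact-host allowlist and flags hosts that borrow an analytics brand name without being on it; the allowlist, the page host `shop.example` and the sample page are all constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this hypothetical shop has approved for its checkout pages.
ALLOWED_HOSTS = {"shop.example", "www.google-analytics.com", "www.googletagmanager.com"}
# Brand tokens an impostor host is likely to borrow.
BRAND_TOKENS = ("google", "analytics", "gtag")


class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def audit_scripts(html, page_host="shop.example"):
    """Return {src: verdict}; verdict is 'allowed', 'lookalike' or 'unlisted'."""
    collector = ScriptCollector()
    collector.feed(html)
    verdicts = {}
    for src in collector.sources:
        # Relative URLs have no hostname and resolve against the page host.
        host = (urlparse(src).hostname or page_host).lower()
        if host in ALLOWED_HOSTS:
            verdicts[src] = "allowed"
        elif any(tok in host for tok in BRAND_TOKENS):
            verdicts[src] = "lookalike"  # trusted-sounding name, not on the allowlist
        else:
            verdicts[src] = "unlisted"
    return verdicts


# Constructed sample page; every non-Google host below is made up for illustration.
SAMPLE = """
<script src="/static/checkout.js"></script>
<script src="https://www.google-analytics.com/analytics.js"></script>
<script src="//google-analytics.cdn-stats.example/analytics.js"></script>
<script src="https://widgets.example/chat.js"></script>
"""
```

The same allowlist can be enforced in the browser with a Content-Security-Policy `script-src` directive, so that a script from a host outside it is refused rather than only reported.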
Vision Direct apologised to its customers for the breach and urged anyone affected to contact their banks or credit card providers and follow their advice. In a further statement the company said: “This particular breach is known as Shoplift and was already known to our technology team, who installed a patch provided by our web platform provider to prevent this form of malware.
“Unfortunately, this current incident appears to be a derivative against which the patch proved ineffective. We are continuing to investigate the breach and have made numerous steps to ensure this doesn’t happen again.”
Robert O’Brien, CEO of cybersecurity firm MetaCompliance, believes that organisations can no longer be complacent in their approach to cybersecurity. “In recent months, we have witnessed a steady stream of cyber-attacks that have exposed the data of millions of people around the world. This continual onslaught of attacks demonstrates the persistence of hackers in their pursuit to gain access to this valuable customer data.
“Organisations must have robust systems in place to counter this continual and evolving threat. Whether this means installing critical updates, using firewalls or training staff to recognise the most up to date security threats, every potential access point must be defended.”