Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
We’re only in March, and we’ve already seen LOQBOX hacked, MGM breached, and Travelex held to ransom this year. Now, Boots Advantage Card and Tesco Clubcard customers have been targeted by hackers too.
Warnings have been issued by both retailers, and Boots has suspended people being able to use loyalty points for payments. Around 600,000 Tesco Clubcard customers are thought to have been targeted, and it may be the same hackers behind the attacks.
It’s important to point out that neither Boots nor Tesco’s systems have been compromised, according to their communication. This appears to be a case of hackers using information stolen from separate hacks to then try and break into Boots and Tesco customer accounts. This is precisely why we point out that even small attacks can lead to wider problems, and why people should never use the same login credentials across multiple platforms.
Hundreds of thousands of Boots Advantage Card and Tesco Clubcard customers collectively could be at risk from criminals who may be trying to use stolen credentials to steal loyalty points.
Security systems for both retailers are understood to have identified the attempts to break into accounts, and customers are being warned to stay vigilant. It appears that hackers may be using stolen credentials from external hacks to break into accounts and then commit fraud and theft using compromised accounts.
A statement from Boots, who believe less than 1% of customers have been potentially affected (which could be fewer than 150,000 people), said:
“We are writing to customers if we believe that their account has been affected, and if their Boots Advantage Card points have been used fraudulently we will, of course, replace them. We would like to reassure our customers that these details were not obtained from Boots”.
A spokesperson for Tesco said:
“We are aware of some fraudulent activity around the redemption of a small proportion of our customers’ Clubcard vouchers. Our internal systems picked this up quickly and we immediately took steps to protect our customers and restrict access to their accounts.”
There have been so many cyberattacks in the last few years, with billions of records compromised worldwide. All it can take is a username and even a hashed or partially encrypted password to use software to then compromise login credentials.
If one person is affected by more than one attack, and more bits of stolen data is pieced together, the risks can be greater. If someone has used the same password for two websites, each of which has a partially encrypted password with different letters compromised, you can see how hackers can string the data together.
Hackers can also use brute force attacks with software to try and guess common passwords being used against lists of email addresses that are being used as usernames. If any passwords are just words or place names, they could be compromised.
It appears in the Boots Advantage Card and Tesco Clubcard case, this is the kind of attack that has been taking place. Security systems can identify these kinds of attacks when unusual activity is flagged on a large number of accounts in a short space of time, which highlights the importance for organisations to have adequate security measures in place.
The Boots Advantage Card and Tesco Clubcard incidents follow a string of other cybersecurity incidents that have taken place in 2020.
And we’re only just in the third month of the year!
We’ve seen the LOQBOX data breach break over last weekend, and MGM Resorts confirm news of a significant data breach affecting some 10.6 million former guests. In January, it was reported that Travelex was being held to ransom after its systems were locked down by hackers who demanded a fee for release of the captured systems.
Once again, we’re seeing that cybersecurity data breaches will not stop. People must take care and must make sure that they take steps to protect themselves by not re-using login credentials across multiple platforms and using strong passwords. People need to be vigilant and keep an eye on online accounts for unusual activity, and organisations around the world must do all they can to secure their servers and systems.
The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.