The details of almost 800,000 customers of UK baby and child retailer Kiddicare have been stolen from a version of their website it had been using for testing.
Customers reported receiving suspicious messages that had not been sent by Kiddicare, and following an investigation, the data breach was linked back to a test website they had used which led to customer data being compromised.
The company has reported itself to the ICO (Information Commissioner’s Office) in light of what has happened.
The breach stemmed from the company using real customer data as part of a test website environment, and as things can easily go wrong when things are being tested, the data was exposed when the test site was breached. The result of the breach is that customers have been contacted via messaging from people purporting to be from the Kiddicare company, leaving affected customers open to fraud.
Kiddicare reportedly took a while to publicise the breach, but have since contacted the affected customers to apologise for the blunder, and have stressed that no payment information or financial data has been leaked.
According to sources from the BBC the company has made the following statement:
“We are very sorry for the potential stress and anxiety this incident may have caused our customers. We want to reassure everyone that the problem has been fixed, increased security measures have been implemented and we have a dedicated team to (SIC) here to help with any further concerns.”
In a word from our Data Leak Team on the news of the Kiddicare breach…
“Real customer data should never have been used for testing purposes. Testing generally leads to things going wrong, and we’re surprised that they put their customer’s data at risk by using real data in the first place.This is yet another example of a simple error resulting in such a huge data breach affecting hundreds of thousands of people. The duties organisations have as data controllers are clear, and anyone handling personal data should always be conscious of security; it should always be at the forefront of people’s minds.We live in an age where such small pieces of information can lead to serious cases of fraud, and the customers affected have undoubtedly been put at risk as a result of this leak.”
Have you been affected?
If you have been affected by the breach then you may be able to claim compensation – particularly if you have been the victim of fraud or a scam. We help people whose data has been breached or leaked and have subsequently become the victims of criminal activity.
You can contact us for help and advice on 0800 634 75 75.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.