The apparent Superdrug data breach has led to as many as 20,000 victims being held to ransom as hackers threaten to release information reportedly stolen in the breach.
Superdrug say they were contacted last week by hackers threatening to expose the personal data of customers affected by a breach. Hundreds of accounts appear to have been compromised so far as hackers have reportedly been able to verify the data they hold.
It’s assumed that a ransom is being demanded, although the details of any payment demands have not been made clear.
20,000 customers affected in Superdrug data breach
It’s understood that some 20,000 customers are potentially affected by the Superdrug data breach. Superdrug have contacted customers and recommended that they change their passwords, but with the hackers already believed to be in possession of personal data exposed in the breach, the damage may already have been done for some.
In a statement released by a spokesperson for the company, Superdrug said:
“The hacker shared a number of details with us to try and ‘prove’ he had customer information – we were then able to verify they were Superdrug customers from their email and log-in.”
Information at risk in the Superdrug data breach
The information that the hackers are understood to have taken in the Superdrug data breach includes customer names, addresses, birth dates, telephone numbers and points balances. With this breach adding to the many breaches that people have fallen victim to over the last few years, the profiles that fraudsters can build about people – especially those unfortunate enough to have fallen victim to several hacks – is growing.
Imagine you’re affected by the Superdrug data breach, and imagine you were also a victim of the recent monumental Dixons Carphone breach that was discovered a few months ago. Then, imagine you were also a victim of the recent Ticketmaster data breach we’ve launched an action for, and now you’re the victim of yet another breach that has exposed more of your personal data, and helped to build even more of a profile about you for criminals to abuse.
The concerns over identify theft and fraud are incredibly worrying and with credit-monitoring service, Equifax, being subject to a legal action we’re spearheading as a result of their breach last year, how can anyone be confident they’re safe?
Superdrug data breach reported to the police
According to the email sent to customer, the Superdrug data breach has been reported to the police. Part of the email said:
“We have contacted the Police and Action Fraud (the UK’s national fraud and cyber crime arm) and will be offering them all the information they need for their investigation as we continue to take the responsibility of safeguarding our customers’ data incredibly seriously.”
Judging from reactions to the Superdrug data breach on social media platforms like Twitter, many people affected by the breach are, understandably, not very happy.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.
First published by Matthew on August 29, 2018
Posted in the following categories: Claims Cybersecurity Hacking News Latest and tagged with cyber attack | cyber crime | cybersecurity | personal data | ransomware