The Sweaty Betty data breach incident appears to be another case of cybercriminals using malicious code in checkout systems to steal sensitive information.
We’ve literally seen this before. Two of the big recent examples are British Airways and Ticketmaster; both of which are thought to be attacks carried out by the same group of hackers. Inserting code into checkout systems can lead to personal details and payment card data being exposed and that’s exactly what has happened in the Sweaty Betty case.
Anyone who has been affected in England and Wales may be entitled to bring a claim for data breach compensation, and we can help.
About the Sweaty Betty data breach
The Sweaty Betty data breach incident is understood to affect customers who placed online and telephone orders with the company between Tuesday 19th November and Wednesday 27th November 2019.
During this timeframe, malicious code had been inserted into the company’s eCommerce system which was designed to capture information that was processed through it. Customers are being informed about the breach, and information that may have been exposed includes:
- Telephone numbers;
- Email addresses;
- Postal addresses;
- Payment card information (card numbers, CVV numbers and expiration dates)
This kind of data in the hands of criminals can put people at an immediate risk of theft and fraud. Victim numbers are unknown, although it’s understood that customers who used PayPal or Apple Pay may not be affected.
Advice for victims
If you have been affected by the Sweaty Betty data breach incident, take a look at our recent advice article about what to do and how to protect yourself. This article was about Black Friday security, but the tips may be helpful for you.
You may also be able to make a claim for data breach compensation, and you can speak to our team today for free, no-obligation advice. If you have been informed that you were affected by the breach, or if you processed an order during the breach period, we may be able to offer you our No Win, No Fee representation.
This case has stark similarities to the BA Group Action that we have a senior role in having been appointed by the High Court to the Steering Committee that’s responsible for conducting the litigation.
A preventable incident?
The Sweaty Betty data breach appears to me like it may have been another case of a preventable incident.
The retailer has reportedly said that this was a “highly-sophisticated cyber security incident”, and that they have now taken steps to make their website completely secure. As we often say, it’s too little, too late. The exposure has already taken place, and this appears to be yet another case of an organisation being reactive to a real breach as opposed to being proactive to prevent one.
If they have now taken steps to make their website completely secure, why wasn’t it completely secure ion the first place? We can only speculate at this moment in time as investigations remain ongoing, but if changes have now been made then, surely, they could have been made before a successful attack took place.
The incident has been reported to the ICO (Information Commissioner’s Office) who may impose GDPR fines in the same way they have for BA and Marriott. Financial penalties are separate to the claims for compensation we make so you can speak to our team now for help and advice.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.
First published by Matthew on December 05, 2019
Posted in the following categories: Claims Cybersecurity Group Action Latest Scammers Security and tagged with compensation | cyber attack | cyber crime | cybersecurity | data breach | Group Action | online security | personal data