Superdrug Stores PLC, an online health and beauty retailer in the UK, has admitted that hackers stole the details of 20K customers for ransom. A spokesperson, who apologized to customers via Twitter, added that the stolen details include names, addresses, phone numbers, reward points and dates of birth for most of the customers.
An investigation conducted by Superdrug is said to have found that over 386 accounts were compromised in the attack, and more were expected to follow.
According to details available to Cybersecurity Insiders, a hacker emailed the drug store's administrators on Monday evening, saying he had got hold of some critical data about the store's customers and would share those details on the dark web if the retailer failed to pay a specified amount as ransom.
To prove his credibility, the hacker is said to have shared the details of over 100 customers, which prompted the drug store's management to react to the incident immediately.
All customers whose data was compromised received an email asking them to change their passwords and to change them regularly in the future.
The police and the cyber crime unit of the UK have been contacted and informed about the incident.
As it’s still unknown when the breach occurred, the GDPR implications might not hit the company just yet.
Note: Superdrug, a business unit of AS Watson Group, which was purchased by Hong Kong conglomerate CK Hutchison Holdings in 2002, has been selling healthcare-related drugs and wellness products via 900 stores located across the UK and Ireland. It has over 14,000 employees and has seen immense profits since its entry into the beauty product business in 2015. Apart from retailing, the company also offers pharmacies and consultation rooms in over 220 stores, 19 of which contain nurse clinics.