Superdrug’s online customers have been warned to change their passwords after criminals claimed they stole personal details of 20,000 customers.
Despite this, evidence shows that only 386 customers have been affected by the breach so far.
Names, addresses and, in some cases, date of births and phone numbers may have been accessed, according to Superdrug.
“With so many people using Superdrug to buy their everyday beauty products, it is no surprise that their customer’s data is a target for cybercriminals. It is important for Superdrug – and all businesses – to have an effective cybersecurity strategy in place before it becomes a target,” commented David Jacoby, Senior Security Researcher, Global Research and Analysis Team.
“Companies should also implement measures to secure customer data so that if data is compromised in a breach, passwords and other sensitive details are not made available to threat actors.”
The health and beauty retailer also said hackers attempted to extort a ransom from Superdrug but failed.
Martin Warren, NetApp EMEA Cloud Solutions Marketing Manager, added: “Businesses must meet the realities of data breaches head on. Out of 1,765 breach incidents globally last year, 72% were due to malicious outsiders. Data protection is not an issue that can be approached with a laissez-faire attitude.
Data privacy measures
“This year with the EU’s GDPR coming into play, we anticipated more transparency over data breaches. As businesses continue to get their data strategy in order, to meet compliance standards, they will do well to remember that privacy by design, readiness and willingness to report a data breach within 72 hours of detection is essential.
“The reputational damage can be debilitating and is a real concern for 56% of UK IT managers and C-suite staff according to NetApp research. Personal data and privacy may be the Achilles heel for a data-driven business as consumers are growing more aware of the value and sensitivity of their digital DNA.”
Jacoby also noted that consumers should ensure that they are doing everything they can to protect themselves, including changing their passwords on a regular basis.
Written by Leah Alger