Superdrug has urged its online shoppers to change their passwords after being contacted by hackers claiming to have accessed 20,000 customer accounts.
The health and beauty retailer said it was contacted by hackers on Monday evening seeking ransom for the customer details they claimed to have obtained.
The retailer said it has not detected any signs of a hack to its systems and it suspected customers’ details had been obtained from other websites and then used in an attempt to access Superdrug’s customer accounts.
It confirmed that 386 of its customers’ accounts had been breached as a result of the hack.
A Superdrug spokeswoman said “customers’ names, addresses and in some instances date of birth, phone number and points balances may have been accessed” but stressed that no payment card information had been compromised.
The retailer has contacted the affected customers directly as well as the police and the national fraud and cybercrime reporting centre, Action Fraud.
The spokeswoman said the retailer would “be offering [the authorities] all the information they need for their investigation as we continue to take the responsibility of safeguarding our customers’ data incredibly seriously.
“We are aware that some customers we contacted and asked to change their passwords had difficulty logging in due to the number of people who are using the website, and we apologise for any inconvenience caused.”
Superdrug is the latest retailer to report a breach of its customer records after Dixons Carphone confirmed last month that 10 million of its customer records had been breached.