Hackers claim to have accessed personal data of ~200,000 Superdrug customers

Superdrug has announced that up to 200,000 of its customers with online accounts may have had their personal data exposed.

According to a statement emailed out by the UK-based health and beauty retailer, it was contacted yesterday evening by hackers claiming to have obtained online shopping information on around 200,000 of its customers.

We continue to take the responsibility of safeguarding our customers’ data incredibly seriously.

– Peter Macnab, CEO, Superdrug

Names and addresses are believed to have been accessed, along with dates of birth, phone numbers and ‘points’ balances in some cases. Superdrug emphasised that no payment card information is thought to have been exposed.

“There is no evidence that Superdrug’s systems have been compromised,” CEO Peter Macnab said in the emailed statement. “We believe the hacker obtained customers’ email addresses and passwords from other websites and then used those credentials to access accounts on our website.”

He also said that although the hackers claimed to have information on 200,000 customers, Superdrug had only seen information on 386.

Customers who may have been impacted were advised to change their passwords.

“We have contacted the Police and Action Fraud (the UK’s national fraud and cyber-crime arm) and will be offering them all the information they need for their investigation as we continue to take the responsibility of safeguarding our customers’ data incredibly seriously,” said Macnab.

More on this story as it updates.

Researcher, writer, recovering medievalist. Currently particularly interested in the cybersecurity solutions market, cyber insurance/risk modelling, and IoT security.

Related posts

Your thoughts