A British pharmacy chain has contacted its customers to advise that a hacker may have obtained the details of up to 20,000 people
The British chain Superdrug has advised all its customers to change their online passwords as a result of the claims, reports Chemist + Druggist.
According to C + D, Superdrug was contacted by the purported hacker earlier this week and asked for a ransom.
“Today we have been communicating with our Superdrug.com customers to advise them of an event which may have resulted in the possible disclosure of some customers’ personal information,” Superdrug advised its customers on Twitter.
“This does not include payment card information but could include customers’ names, addresses and, in some instances, date of birth, phone number and points balances.
“As a security precaution we have advised all customers to change their online passwords.”
Superdrug said it was aware that some customers were experiencing difficulty in doing this and said it was “doing everything we can” on the issue.
“We take our responsibility to protect your personal information very seriously and that is why we have let our customers know as soon as we could,” it said.
“We have contacted the Police and Action Fraud (the UK’s national fraud and cyber-crime arm) and will be offering them all the information they need for their investigation.”
In a second tweet, Superdrug confirmed that the emails it has sent to customers are genuine and recommends that they follow the steps it suggests.
Superdrug told its customers that it believes the hacker got hold of customers’ email addresses and passwords from other sites and then used them to access the Superdrug customer accounts.
The hacker’s claim that 20,000 customers are affected is not confirmed, it said, saying that there has actually been no sign of a hack of its systems.
“The 386 accounts that were shared by the individual as proof of the attack were accounts that had been obtained in previous hacks unrelated to Superdrug,” it said.
It also said that there was no evidence to suggest that patients using its online doctor service had been affected.