High street chemist Superdrug says it has been contacted by hackers claiming to have accessed the details of 20,000 customers.
It said that so far only 386 of the accounts had been compromised, and that although customers’ names, addresses and in some cases dates of birth, phone number and points balances may have been accessed, no payment or card information had been taken.
A company spokeswoman said: “The hacker shared a number of details with us to try and ‘prove’ he had customer information – we were then able to verify they were Superdrug customers from their email and log-in.”
An email to customers advised them to change passwords.
It read: “We have contacted the Police and Action Fraud (the UK’s national fraud and cyber crime arm) and will be offering them all the information they need for their investigation as we continue to take the responsibility of safeguarding our customers’ data incredibly seriously.”
In June Dixons Carphone revealed that a 2017 cyber attack had accessed details of 10 million customers.
