Vision Direct, the UK’s biggest online retailer of contact lenses, has recently hit the headlines for disclosing a data breach. The online retailer revealed that certain personal data of its customers was compromised between 3rd November and 8th November.
The Attack
The attackers compromised VisionDirect.co.uk by placing a malicious script in the website’s source code. The code went unnoticed because it was disguised as a Google Analytics script.
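As an added illustration (not code from Vision Direct or from the original article), one defensive check against a script disguised as an analytics tag is to audit every script source on a checkout page against an exact-host allowlist. The shop host, the allowlist, the hint list and the sample markup below are assumptions constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts a hypothetical shop has approved for its checkout page.
ALLOWED_HOSTS = {"shop.example", "www.google-analytics.com", "www.googletagmanager.com"}
# Substrings that make a host name pass for an analytics vendor at a glance.
ANALYTICS_HINTS = ("analytics", "google", "gtag")


class ScriptCollector(HTMLParser):
    """Collects the src attribute of every external <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)


def audit_scripts(html, page_host="shop.example"):
    """Return (host, verdict) for each external script, in page order."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        # Relative URLs have no host and resolve against the page itself.
        host = (urlparse(src, scheme="https").hostname or page_host).lower()
        if host in ALLOWED_HOSTS:
            verdict = "allowed"
        elif any(hint in host for hint in ANALYTICS_HINTS):
            verdict = "lookalike"  # analytics-style name, not an approved host
        else:
            verdict = "unknown"
        findings.append((host, verdict))
    return findings


# Constructed sample markup; the third host is a made-up look-alike.
SAMPLE_PAGE = """
<script src="/static/js/checkout.js"></script>
<script async src="https://www.google-analytics.com/analytics.js"></script>
<script src="//google-analytics.cdn-metrics.example/ga.js"></script>
<script src="https://widgets.example.net/chat.js"></script>
"""

if __name__ == "__main__":
    for host, verdict in audit_scripts(SAMPLE_PAGE):
        print(f"{verdict:9} {host}")
```

Inline scripts and scripts injected at runtime are outside this check; a Content-Security-Policy `script-src` allowlist enforces the same host restriction in the browser.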
The attack ran from 12:11 AM GMT on 3rd November to 12:52 PM GMT on 8th November and compromised the personal and financial details of around 16,300 Vision Direct customers. According to Vision Direct’s spokesperson, this included 9,700 customers whose personal data had been compromised, while the remaining 6,600 customers faced far more serious consequences because both their personal and financial data were compromised.
The compromised personal and financial details included names, addresses, card numbers, CVV, and card validity dates. This leaves thousands of Vision Direct’s customers vulnerable to fraudulent transactions.
It has been reported that most PayPal users escaped the brunt of this attack and their financial data may not have been accessed, but those who paid with Visa, Mastercard, and Maestro remain vulnerable.
However, only those customers who transacted or updated their existing personal or financial information on the Vision Direct domain VisionDirect.co.uk during the attack were affected.
Vision Direct has reportedly stated:
“All payment card data is stored with our payment providers and so stored payment card information was not affected by the breach.”
Immediate Steps Taken by Vision Direct
The online contact lens retailer was quick to reach out to all of its affected customers by email and phone. It reportedly informed the customers about the attack, urged them to change their account details, and sent them the necessary instructions by e-mail.