The online contact lens specialist warns that 16,300 customers are deemed to be at risk.
The breach affects customers who logged into their Vision Direct account or updated their personal details between 12.11am November 3 and 12.52pm November 8, 2018.
Personal information stolen includes full names, billing addresses, email addresses, passwords and telephone numbers, as well as payment card information, such as the card number, expiry date and CVV code – the three digits on the back of your card used to make payments.
A spokesperson for the retailer told the BBC that a fake Google Analytics script had been placed in its website code which let hackers breach security defences.
Were your details stolen and what should you do?
Up to 16,000 customers are believed to have been affected by the breach.
The retailer says it will contact customers who it believes have been affected with details of how to change their passwords. This message will come from the email address [email protected]
In the meantime, if you're worried about your details, here are some precautionary steps you can take to protect yourself:
- Inform your bank, building society and credit card company of any unusual transactions on your statement.
- Request a copy of your credit file to check for any suspicious credit applications. You can do this for free using 30-day free trials, but remember to cancel before the end of the free period.
- Report suspicious credit applications to the police and ask for a crime reference number.
- You can also check websites such as Haveibeenpwned.com to see if your details have been compromised in a data breach.
Visa, Mastercard and Maestro card details are at risk, but payments made using PayPal are believed to be unaffected.
Customers in Ireland, the Netherlands, France, Spain, Italy and Belgium have also been affected by the hack.
The retailer added that personal data stored on the database outside of this time frame has not been affected.
Customers who believe their personal details may be compromised are being advised to contact their banks and credit card providers and "follow their advice".
Vision Direct is also contacting customers from [email protected] with instructions on how to update your password if it believes your information may have been stolen.
In a statement on the website the online retailer said: "The stolen data included personal and financial details of customers logging in and making changes on the VisionDirect.co.uk website.
"Vision Direct has taken the necessary steps to prevent any further data theft, the website is working normally, and we are working with the authorities to investigate how this theft occurred.
"If you have any questions in regards to this matter, please call our customer services team on 020 7768 5000 from the UK."
This year, Facebook revealed that 30million profiles were hacked in a security breach and 380,000 British Airways customers were also at risk after hackers stole personal details from the website.
Last year, we revealed how stolen credit card information is sold for as little as £28 online, and login details for Hotmail and Gmail accounts for £90.