UK health and beauty retailer Superdrug has been targeted by hackers who claim to have stolen details from 20,000 customers.
The retailer has warned customers to change their passwords following the hack, with the group responsible claiming to have details such as names, addresses, dates of birth and phone numbers. Superdrug has only seen evidence of 386 compromised accounts so far.
The hack was not said to include payment card information.
A spokesperson for the company stated, “The hacker shared a number of details with us to try to prove he had customer information – we were then able to verify they were Superdrug customers from their email and log-in.
“We believe the hacker obtained customers’ email addresses and passwords from other websites and then used those credentials to access accounts on our website.
The company has since taken action, stating, “We take our responsibility to protect your personal information very seriously and that is why we have let our customers know as soon as we could.
“We have contacted the police and Action Fraud [the UK’s national fraud and cyber-crime arm] and will be offering them all the information they need for their investigation.”