Vision Direct hack puts money at risk

Vision Direct is warning customers that a hack attack has exposed their personal data including payment card numbers, expiry dates and CVV codes.

It said anyone who entered their details into its site between 3 and 8 November could be affected.

The firm describes itself as Europe’s biggest online seller of contact lenses and eye care products.

Several experts have said a fake Google Analytics script placed within the site’s code was the apparent cause.

A spokeswoman for Vision Direct confirmed that its UK site had been involved as well as some of its other European operations.

“Being able to provide the CVV number usually indicates that you have the card in your hand when making a purchase,” commented cyber-security researcher Scott Helme.

“Now the attackers have the full card details including the CVV number, these checks carry less value.”

A statement on Vision Direct’s site says that anyone who updated their details during the stated period, or had an order or update submitted on their behalf by its customer services team, should contact their banks and/or credit card providers.

“The personal information was compromised when it was being entered into the site and includes full name, billing address, email address, password, telephone number and payment card information, including card number, expiry date and CVV,” said a notice on its site.

“We understand that this incident will cause concern and inconvenience to our customers. We are contacting all affected customers to apologise.”

Vision Direct’s site had previously said that all card payments made to its service were “totally secure” and that it had never once heard of a case of them being misused.

It added that customers who had used PayPal during the period might have had their names and addresses accessed, but said their payment details should still be secure.

‘Compensation TBC’

Vision Direct was acquired by the French firm Essilor International two years ago.

A spokeswoman for the company said she would pass on the BBC’s request for more information, including an estimate of how many people had been affected.

In the meantime, its Twitter account has been telling customers that “compensation will be considered on an individual basis should there be any material loss incurred”.

The Information Commissioner’s Office told the BBC it had yet to be formally notified of the incident.

“Organisations must notify the ICO within 72 hours of becoming aware of a personal data breach, unless it does not pose a risk to people’s rights and freedoms,” said a spokeswoman.

“If an organisation decides that a breach doesn’t need to be reported they should keep their own record of it, and be able to explain why it wasn’t reported if necessary.”

It is not clear how a fake script could have been placed on the firm’s site – and Vision Direct has yet to confirm the detail – but Mr Helme said such attacks were preventable.

“Historically we may have seen card skimmers installed on an ATM but now we’re seeing these attackers install them on websites instead,” he said.

“Depending on the exact details, there are technologies that sites can deploy to protect themselves in a variety of ways.”

A spokesman for UK Finance said that affected customers should be protected against this and other cases of unauthorised fraud on their debit and credit cards.

“Card issuers already have advanced fraud screening systems in place to detect and stop any suspicious transactions and will be putting in place any necessary protections for affected customers,” he explained.

“The finance industry has previously called for new powers on information sharing to allow banks to share data to detect and better prevent financial crime, particularly when it is the result of a data breach in another sector.”
