BRIT-BASED cheap specs emporium Vision Direct is the latest to be clobbered by a data breach.
The mail-order peddler of face furniture says that thousands of payment card numbers, along with CVV (last three digits) and expiry dates, were swiped in an incident that ran from 3rd to 8th November. A total of 16,300 customers could be affected, including 6,600 with valid bank details that are now in the wild.
Customers who paid via PayPal will have had their cards spared, but their name and address details were leaked.
The issue seems to have been triggered after a fake Google Analytics script – the code that allows webmasters to see traffic and other statistics – was placed in the site code.
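For site owners, one way to catch this kind of impostor is to audit every script a checkout page references against a host allowlist. The sketch below is an added example, not code from Vision Direct or the original article; the page host `shop.example`, the sample hosts and the brand-token heuristic are assumptions, and the article does not name the host the fake script was served from.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts Google serves its analytics and tag loaders from.
GOOGLE_HOSTS = {"www.google-analytics.com", "ssl.google-analytics.com",
                "www.googletagmanager.com"}
# Heuristic (assumption): substrings a lookalike host borrows to pass a casual review.
BRAND_TOKENS = ("google", "analytic", "gtag")
URL_IN_JS = re.compile(r"""(?:https?:)?//[A-Za-z0-9.-]+\.[A-Za-z]{2,}[^\s'"]*""")

class ScriptRefs(HTMLParser):
    """Collect script src values plus URLs hard-coded inside inline scripts."""
    def __init__(self):
        super().__init__()
        self.refs, self._inline = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            self._inline = not src  # only src-less scripts carry inline code
            self.refs.extend([src] if src else [])

    def handle_endtag(self, tag):
        self._inline = False  # inside a script body, only </script> ends it

    def handle_data(self, data):
        if self._inline:  # analytics loaders are usually injected from inline JS
            self.refs.extend(URL_IN_JS.findall(data))

def audit_scripts(html, page_host, extra_allowed=()):
    """Return (host, verdict) for every script reference off the allowlist."""
    allowed = GOOGLE_HOSTS | set(extra_allowed) | {page_host}
    parser = ScriptRefs()
    parser.feed(html)
    findings = []
    for ref in parser.refs:
        host = (urlparse(ref).hostname or page_host).lower()  # relative = own host
        if host not in allowed:
            lookalike = any(token in host for token in BRAND_TOKENS)
            findings.append((host, "lookalike" if lookalike else "unlisted"))
    return findings

# Constructed sample markup; every host except Google's is made up.
SAMPLE = """<script src="https://www.google-analytics.com/analytics.js"></script>
<script src="/static/checkout.js"></script>
<script>var s=document.createElement('script');
s.src='//google-analytic-stats.example/ga.js';document.head.appendChild(s);</script>
<script src="https://cdn.widgets.example/chat.js"></script>"""
```

Calling `audit_scripts(SAMPLE, "shop.example")` flags the injected loader as a lookalike and the chat widget as unlisted. A static scan only sees what is in the served markup, so it complements a Content-Security-Policy `script-src` allowlist rather than replacing it.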
Speaking to the BBC, a spokesperson from the company said: “Unfortunately, this current incident appears to be a derivative against which the patch proved ineffective. We are continuing to investigate the breach and have made numerous steps to ensure this does not happen again.”
The UK site, as well as sister sites in Ireland, France, Spain, the Netherlands, Italy and Belgium, were hit. Some banks, such as Revolut, have already cancelled all affected cards proactively.
We were slightly concerned to note, however, that there is no mention of the breach anywhere on the Vision Direct site, which, given the seriousness of the incident – with CVV and full card number revealed – seems a bit short-sighted, as it were. We are assured that affected customers are being contacted directly.
Add to this that the company site has a specific FAQ entry stating that using your card with it is safe, that nobody has ever had a card misused after entering it on the site, and that Vision Direct only records the last four digits of the card.
Well, it can’t say that anymore. Should have gone to… never mind. μ
Source: Inquirer