Contact lens vendor Vision Direct has revealed that close to 16,300 customers have had their personal details, including full payment card details, stolen by hackers.
Customers who were either making online purchases or updating their details between 12.11am 3 November and 12.52pm 8 November had their personal and financial details stolen.
The company said that the data was stolen as it was entered onto its website. This mirrors the recent hack at British Airways in which 380,000 customers had information stolen from the BA website when they made online purchases.
As such, it appears that Vision Direct is the latest in a growing list of companies that have become victims of hackers skimming sensitive information from websites as it is entered by customers.
The stolen data included names, billing addresses, email addresses, passwords, telephone numbers, payment card numbers and expiry dates, along with the three-digit CVV security codes.
Vision Direct says it is contacting affected customers with instructions on how to reset passwords. It further says that its website is now safe to use again.
Magecart strikes again?
The mode of operation, a website skimming attack, suggests a Magecart hacking group is responsible.
RiskIQ, a security analyst, says there are seven distinct Magecart groups currently in operation, targeting online shopping sites running Magento web platforms that need updating.
According to RiskIQ, these groups have targeted approximately 110,000 stores, ranging from high-end operations to small and obscure online shops.
Keep yourself safe from the rising tide of website skimming hacks with BullGuard Premium Protection.