Builders’ merchant Jewson has taken its online store www.jewsondirect.co.uk offline amidst fears that customers’ data may have been stolen by hackers.
The breaches are believed to have taken place between 23 August, 2017, and 3 November, 2017.
Jewson notified its customers of the breaches in a recent letter which stated: “As a Jewson Direct customers, we regrettably are writing to inform you that our website (www.jewsondirect.co.uk) has suffered a security breach and, as a result, your personal data including your credit/ debit card details may have been compromised.”
A spokesperson for the company told The Inquirer: “We confirm that the Jewson Direct website has been the target of a security breach. We have notified 1,659 customers whose data may have been compromised, and are offering free credit monitoring to all of those affected to help detect any potential misuse of data in the future.
“We have commissioned a forensic investigation into the breach using a specialist firm and the Jewson Direct website will remain offline until the investigation is complete. We sincerely apologise for the distress and inconvenience this security breach has caused to those customers affected.”
It is possible that names, location, billing address, password, email, phone number, payment details, card expiry dates and even CVV numbers “may” have fallen into the hands of an “unauthorised person”, according to the letter.
Jewson told customers: “At this stage we are aware that a foreign piece of code was encrypted into the Jewson Direct website.
“The code has been identified and removed, and we are investigating the breach of security and any related potential loss of information/personal data. No card data is stored by Jewson, however, until the investigation has been completed, customers have been informed of a potential breach of card data as an advisory measure.”
Only the Jewson Direct website was affected by the security breach. The company’s main website www.jewson.co.uk, their credit account customers, and transactions across their branch network, are said to remain unaffected by the security breach and are operating normally.