Jewson’s letter to customers stated that customers’ card data, including CVV numbers and card expiry dates, could have been vulnerable to hackers.
Jewson, a large British building merchant, has confirmed that it was hit by hackers. Alerting customers in a letter, the firm said that private and financial data may have been compromised during the attack. It has also said that the breach occurred after hackers were able to gain access to the firm’s website.
It is believed that the breach had already occurred in August but was only discovered in November. This shocking discovery means that hackers likely had ample opportunity to conduct malicious attacks on the firm’s network, possibly for weeks before they were detected. In a statement, Jewson said that it had notified over 1,600 customers whose data may have been compromised.
It also said that it would offer free credit monitoring to all those affected. This will help detect any potential misuse of data in the future. The firm confirmed that only the Jewson Direct website was affected by the breach. It stated that the firm’s main website, its credit account customers and the transactions across its branch network are not affected by the attack and will continue to operate normally.
According to the customer letter, Jewson has commissioned a forensic investigation into the attack by a specialist firm. The firm will be able to provide detailed feedback on the security breach. Jewson apologized to affected customers for any distress and inconvenience the attack may have caused.
Local press reported that Jewson’s letter to customers stated that customers’ card data, including CVV numbers and card expiry dates, could have been vulnerable to hackers. Also among the data which was leaked were customers’ names, email addresses, and passwords.
The chief security strategist at Exabeam, Stephen Moore, has said that all data protection measures the firm had in place failed against the threat. This allowed cybercriminals to go unnoticed for months. He added that this was the reason security teams needed to develop both a mindset and supporting methods for threat detection as well as responses thereto.
The Jewson Direct website has been shut down following the breach and will remain down until the issues have been resolved. Speaking to national media, a representative from the firm said they are aware that a foreign piece of code was encrypted into the website. The representative added that the code was identified and removed.
Jewson has now also reportedly offered its customers a complimentary 12-month membership to Experian ProtectMyID. This will help users keep track of their information and assist in finding any potential signs of identity theft.