Superdrug hack: Data thieves claim to have information on 20,000 customers
Health and beauty chain working to establish what may have been taken
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Superdrug has been targeted by hackers claiming they had access to tens of thousands of customers' personal details including dates of birth and phone numbers.
The high street chain it had been contacted by someone who claimed that they had obtained the details of approximately 20,000 customers.
The company confirmed that 386 of the accounts had been compromised and said was it was working to establish the exact number.
"The hacker shared a number of details with us to try and 'prove' he had customer information - we were then able to verify they were Superdrug customers from their email and log-in," a spokeswoman said.
Superdrug said customers' names, addresses and in some cases dates of birth, phone number and points balances may have been accessed, but no payment or card information had been taken.
Customers who may have had their data harvested were sent an email and asked to change their passwords. They were also advised to change them regularly in future.
"We have contacted the Police and Action Fraud (the UK's national fraud and cyber crime arm) and will be offering them all the information they need for their investigation as we continue to take the responsibility of safeguarding our customers' data incredibly seriously," the firm said.
In a separate tweet it added: "To customers who have received an email from us today, this email is genuine. We recommend you follow the steps outlined."
One angry customer replied: "Not even an apology. Your responsibility to keep our information safe. Disappointed."
Another said: "What a cagey and cryptic tweet, something you're embarrassed to talk about?"
Last year, retailer Dixons Carphone, which owns a number of electrical and tech brands including Currys and PC World, was subject to one of the biggest data breaches in history.
Around 10 million records containing personal data were accessed.
In 2015, mobile network TalkTalk was targeted by hackers who exploited a flaw in the company's website, resulting in 157,000 records being accessed.