Superdrug tells thousands of customers to change passwords after cyber attack

Callum Keown
Follow Callum
Superdrug's online customers targeted in cyber attack
Superdrug's online customers targeted in cyber attack (Source: Getty)

Thousands of Superdrug's online customers have been targeted by cyber criminals who claim to have obtained their personal details.

The company told customers to change their online passwords after hackers claimed to have stolen information on approximately 20,000 users, but the retailer said it has only seen evidence so far that 386 accounts have been hacked.

Names, addresses, and in some cases phone numbers and points balances may have been accessed but not payment card information.

But some customers complained they couldn't access the website to change their passwords as instructed.

Superdrug said it had informed the police as well as the UK's national fraud and cyber-crime arm, Action Fraud, about the issue.

The Information Commissioner's Office said it was aware of the incident and would be making enquiries.

In an email to customers, Superdrug said: "We were contacted by hackers who claimed they had obtained a number of our customers' online shopping information."

There is no evidence that Superdrug's systems have been compromised.

"We believe the hacker obtained customers' email addresses and passwords from other websites and then used those credentials to access accounts on our website," Superdrug's letter continued.

The company has apologised to customers.