Sweaty Betty admits eCommerce data breach

Sweaty Betty has revealed that cyber-criminals managed to insert malicious code into its eCommerce website in an attempt to capture customer card details during the checkout process.

In an email sent to customers, Sweaty Betty said it was recently made aware of “unusual activity” on its website. According to the retailer, a third party gained unauthorised access to part of its website and inserted malicious code “designed to capture information entered during the checkout process”.

Stolen customer data could include name, password, billing address, delivery address, email address, telephone number, payment card number, CVV number and expiry date.

The affected customers were those placing online or phone orders from Tuesday 19 November to Wednesday 27 November, a mere two days prior to Black Friday, when the retailer had big reductions across its athleisure ranges. In the email, Sweaty Betty said customers affected were those who entered new card details when checking out between 19 and 27 November, not those who made an order using saved card details or those who used PayPal or Apple Pay.

The retailer said it has taken immediate action and reported the incident to the Police as well as the Information Commissioner’s Office (ICO).

Essential Retail spoke to Sweaty Betty customer care and a member of the team confirmed the emails seen were legitimate and an attack had taken place last week, but the website is now “completely secure”. A spokeswoman from the Sweaty Betty press department responded to our request for a statement several hours later.

She said: "We can confirm that Sweaty Betty has launched a comprehensive investigation following a highly-sophisticated cyber security incident on our website platform. We worked quickly to engage specialist technical security consultants to assist us with our investigations and we can confirm the issue has now been resolved and apologise for any inconvenience.

"We have taken all the necessary steps to inform those who may have been affected and the Information Commissioner’s Office (ICO) has been notified. We take data security extremely seriously and the privacy of our customers remains our highest priority. Importantly, this issue has been resolved, and it is safe to shop at Sweaty Betty – whether online, by phone, or in stores."

A number of customers have taken to social media to air their concerns over their data and question the emails sent.

Essential Retail spoke to Annabel Thorburn, SVP of eCommerce at Sweaty Betty, earlier in the year about the brand’s work to deliver a “seamless easy experience” for online customers. The retailer replatformed onto Salesforce’s cloud-based eCommerce platform in 2018, which has allowed the Sweaty Betty tech team to run more user testing and updates to improve customer experience.