Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Essential Retail Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Vision Direct reveals November 'data theft' incident

Vision Direct customers ordering or updating their details on the company’s website earlier this month may have had their personal and financial data compromised.

The optical retailer said that a data breach – which has now been resolved – occurred between 12:11 on 3 November 2018 and 12:52pm on 8 November.

The stolen data included personal and financial details of customers logging in and making changes on the VisionDirect.co.uk website, and Vision Direct said it has taken the necessary steps to prevent any further data theft. An investigation alongside the relevant authorities is now under way.

In a statement on its website, Vision Direct said: “This data was compromised when entering data on the website and not from the Vision Direct database. The breach has been resolved and our website is working normally.”

What data was affected?

Personal information captured during the breach includes full name, billing address, email address, password, telephone number and payment card information, including card number, expiry date and CVV.

Existing personal data that was previously stored in Vision Direct’s database was not affected by the breach, as this was an isolated website attack. The company said that all payment card data is stored with its payment providers and so previously stored payment card information was not affected by the breach – just that which was added via the website over the five-day period.

Any payments made during the period using Visa, Mastercard, and Maestro could have been affected, but customers using PayPal should not have had payment details compromised, but possibly may have had personal data stolen, Vision Direct noted.

“We understand that this incident will cause concern and inconvenience to our customers,” the retailer stated.

“We are contacting all affected customers to apologise and continue to inform you of any updates in the next few days.”

Anyone who purchased goods on the website during that time should receive their items as usual, it added.