The UK retailer Kiddicare has fallen victim to a data breach that exposed the names, addresses, telephone numbers and email addresses of up to 800,000 of its customers.
The firm first became aware of the breach after a 'small number' of customers reported that they had received an online survey from the retailer that actually turned out to be a phishing attempt. Kiddicare launched an investigation into the matter and discovered that the compromised credentials were a mach to information that had been loaded into a test server in November of last year.
The incident has been reported to the Information Commisioner's Office (ICO) and the firm guarantees that no credit card data was obtained through the leak. Kiddicare made a statement to the BBC in an effort to apologise and console its customers:
“We are very sorry for the potential stress and anxiety this incident may have caused our customers. We want to reassure everyone that the problem has been fixed, increased security measures have been implemented and we have a dedicated team here to help with any further concerns.”
Kiddicare was not cautious enough when it made the decision to load its test server with actual customer data. These servers often have less security and are more prone to attacks by hackers and cybercriminals. The test server from which the information was leaked has been deleted by Kiddicare but a risk for consumers still remains.
Users of Kiddicare's website should take the necessary time to change their login credentials and passwords on the firm's site to avoid being further affected by the leak.
Image Credit: Sergey Nivens / Shutterstock