Skip to main content

Customer payment info stolen in Sweaty Betty cyberattack

(Image credit: Image source: Shutterstock/jijomathaidesigners)

Magecart, popular malware that's often used to steal personal and payment data from websites has been utilised successfully once again, this time against the customers of Sweaty Betty.

The UK activewear retailer issued a statement recently saying that all customers that had used their services to purchase goods between November 19th, 2019, at 6:24 PM (GMT) and November 27th, 2019, at 2:52 PM (GMT) may have their payment information taken.

"These investigations confirmed that a third party gained unauthorised access to part of our website and inserted malicious code designed to capture information entered during the checkout process. This affected customers attempting to place orders online or over the phone for limited intermitten (sic) periods of time from Tuesday 19 November at 6.24pm (GMT to Wednesday 27 November 2019 at 2.52.pm (GMT)," it says in the announcement.

Sweaty Betty said that whoever used a credit card to purchase their goods during the time of the hack has probably had these information stolen: name, Sweaty Betty password, billing address, delivery address, email address, telephone number, payment card number, CVV number, and expiry date.

Magecart only works if the victim enters the payment details into the site, so those that already have payment information stored with Sweaty Betty, or use services such as PayPal or Apple Pay, can sleep peacefully, as their data wasn’t taken.

At the moment, Sweaty Betty hasn’t given more information on their website and advises everyone who wants to learn more, to reach out via email.