View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 19, 2018

Vision Direct Hacked: Credit Card Details Stolen

Should have gone to Specsavers?

By CBR Staff Writer

Optician Vision Direct appears to be the latest business to fall prey to a Magecart-style attack.

Customers over a six day period from 3 November to 8 November have had credit card (including CVV codes) and personal details stolen.

Vision Direct, owned by France’s Essilor, is Europe largest online retailer of contact lenses and eye care products.

Magecart is an umbrella term for a range of cybercriminal groups using credit card skimmers. Such attacks typically involve inserting a customized Javascript payment overlay on compromised e-commerce sites.

Read this: Magecart’s 7 Groups: Hackers Dropping Counter-Intelligence Code in JavaScript Skimmers

The company said: “The personal and financial details of customers logging in or updating their accounts between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018 was compromised. Only customers who logged in between these dates are at risk.

vision direct hacked“The personal information was compromised when it was being entered into the site and includes full name, billing address, email address, password, telephone number and payment card information, including card number, expiry date and CVV.”

The company added: “Any existing personal data that was previously stored in our database was not affected by the breach. All payment card data is stored with our payment providers and so stored payment card information was not affected by the breach.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Jake Moore, from cybersecurity company ESET UK said in an emailed statement: “We desperately need to build a stronger and more robust financial transfer system that encrypts and verifies more often. I find it astonishing that we have spent so much money on multi-factor authentication when it comes to logging into accounts and sending money via bank accounts, yet if I view someone’s card number at the till and they flip it over to view the “security” CVV number on the back, I could then go on a shopping spree undetected.”

“We are all starting to use our phones to verify our identity so why can’t we introduce multi-factor authentication as standard when it comes to online payments attached to our cards? It would instantly reduce the demand for stolen credit card data as it would simply not work without the verification form the card owner.”

Topics in this article : ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.