18 June 2020
Jewellery and accessories retailer, Claire’s, has revealed details of a data breach caused by a cyber-attack.
Sansec, a company which specialises in protecting payment platforms, discovered and reported the data breach to Claire’s on 12 June 2020.
Sansec’s investigation found that a web domain Claire’s-assets.com was set up on 22 March 2020, a day after the company was forced to close due to COVID-19.
The web domain was dormant until a malicious code was entered during the period 25 April 2020 – 13 June 2020. The code would intercept any personal data entered during checkout and copy it to the Claire’s-assets.com server.
Claire’s has advised any customers who may have purchased items during that time to monitor their account for suspicious activity.
A Claire’s spokesman said
“Claire’s cares about protecting its customers’ data. On Friday, we identified an issue related to our e-commerce platform and took immediate action to investigate and address it. Our investigation identified the unauthorised insertion of code to our e-commerce platform designed to obtain payment card data entered by customers during the checkout process.
“We removed that code and have taken additional measures to reinforce the security of our platform. We are working diligently to determine the transactions that were involved so that we can notify those individuals. Cards used in our retail stores were not affected by this issue.
“We have also notified the payment card networks and law enforcement. It is always advisable for cardholders to monitor their account statements for unauthorised charges. The payment card network rules generally provide that cardholders are not responsible for unauthorised charges that are timely reported.”
Claire’s told Sky News that the company does not know how many customers have been affected and that it is investigating the matter so that victims can be informed.
If you shopped online with Claire’s between 25 April 2020 -13 June 2020, get in touch with our team to see if you have a claim.