The UK-based contact retailer Vision Direct has announced that any customer who had visited their site and entered personal information between the 3rd and 8th of November could be victims of a breach. The total number of affected people is believed to be around 16,000 thus far, which could grow in the near future. Of these known victims, 6,600 were unfortunate enough to have financial data such as full card numbers and CVV codes accessed, while 9,700 had personal information stolen–barring financial data. A fake Google Analytics script, known as a shoplift, is believed to be the cause of this event. The tech team at Vision Direct was already aware of this from previous instances and thought they had it patched, but that proved to be ineffective. Vision Direct has issued an apology and made a pledge to compensate anyone who was affected.
If users believe that they are a part of a breach the first step is to contact the financial institute they belong to and inform them. Consumers may also want to contact the retailer that suffered the breach to ask for any more information that may be available. In the next few days after the breach, it is always advised to monitor the account for suspicious activity. Users should always take advantage of the services provided by the company responsible for the breach to help them monitor themselves or get compensation for any losses that may occur as a result of being a part of the breach.