The UK-based contact retailer Vision Direct has announced that any customer who had visited their site and entered personal information between the 3rd and 8th of November could be victims of a breach. The total number of affected people is believed to be around 16,000 thus far, which could grow in the near future. Of these known victims, 6,600 were unfortunate enough to have financial data such as full card numbers and CVV codes accessed, while 9,700 had personal information stolen–barring financial data. A fake Google Analytics script, known as a shoplift, is believed to be the cause of this event. The tech team at Vision Direct was already aware of this from previous instances and thought they had it patched, but that proved to be ineffective. Vision Direct has issued an apology and made a pledge to compensate anyone who was affected.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased