Superdrug

Superdrug

Superdrug experienced a data breach affecting 20,000 individuals.

They were contacted by hackers who claimed to have a number of our customer’s online shopping information.

There is no evidence that Superdrug systems have been compromised.

The criminals had got customers’ email addresses and passwords from other websites .

They then used those credentials to access accounts on Superdrug's website.

The types of personal information stolen were Names, Addresses, Dates of birth, Phone numbers, Point balances, Password advice.

Source: https://blog.itgovernance.co.uk/blog/superdrugs-customers-affected-in-data-breach

TPRM report: https://scoringcyber.rankiteo.com/company/superdrug

"id": "sup23281122",
"linkid": "superdrug",
"type": "Breach",
"date": "08/2018",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'customers_affected': 20000,
                        'industry': 'Retail',
                        'name': 'Superdrug',
                        'type': 'Company'}],
 'attack_vector': 'Credential Stuffing',
 'data_breach': {'number_of_records_exposed': 20000,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'Medium',
                 'type_of_data_compromised': ['Names',
                                              'Addresses',
                                              'Dates of birth',
                                              'Phone numbers',
                                              'Point balances',
                                              'Password advice']},
 'description': 'Superdrug experienced a data breach affecting 20,000 '
                'individuals. They were contacted by hackers who claimed to '
                'have a number of our customer’s online shopping information. '
                'There is no evidence that Superdrug systems have been '
                'compromised. The criminals had got customers’ email addresses '
                'and passwords from other websites. They then used those '
                "credentials to access accounts on Superdrug's website. The "
                'types of personal information stolen were Names, Addresses, '
                'Dates of birth, Phone numbers, Point balances, Password '
                'advice.',
 'impact': {'data_compromised': ['Names',
                                 'Addresses',
                                 'Dates of birth',
                                 'Phone numbers',
                                 'Point balances',
                                 'Password advice']},
 'motivation': 'Data Theft',
 'threat_actor': 'Unknown',
 'title': 'Superdrug Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Reused credentials'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.