Superdrug experienced a data breach affecting 20,000 individuals.
They were contacted by hackers who claimed to have a number of our customer’s online shopping information.
There is no evidence that Superdrug systems have been compromised.
The criminals had got customers’ email addresses and passwords from other websites .
They then used those credentials to access accounts on Superdrug's website.
The types of personal information stolen were Names, Addresses, Dates of birth, Phone numbers, Point balances, Password advice.
Source: https://blog.itgovernance.co.uk/blog/superdrugs-customers-affected-in-data-breach
TPRM report: https://scoringcyber.rankiteo.com/company/superdrug
"id": "sup23281122",
"linkid": "superdrug",
"type": "Breach",
"date": "08/2018",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'customers_affected': 20000,
'industry': 'Retail',
'name': 'Superdrug',
'type': 'Company'}],
'attack_vector': 'Credential Stuffing',
'data_breach': {'number_of_records_exposed': 20000,
'personally_identifiable_information': True,
'sensitivity_of_data': 'Medium',
'type_of_data_compromised': ['Names',
'Addresses',
'Dates of birth',
'Phone numbers',
'Point balances',
'Password advice']},
'description': 'Superdrug experienced a data breach affecting 20,000 '
'individuals. They were contacted by hackers who claimed to '
'have a number of our customer’s online shopping information. '
'There is no evidence that Superdrug systems have been '
'compromised. The criminals had got customers’ email addresses '
'and passwords from other websites. They then used those '
"credentials to access accounts on Superdrug's website. The "
'types of personal information stolen were Names, Addresses, '
'Dates of birth, Phone numbers, Point balances, Password '
'advice.',
'impact': {'data_compromised': ['Names',
'Addresses',
'Dates of birth',
'Phone numbers',
'Point balances',
'Password advice']},
'motivation': 'Data Theft',
'threat_actor': 'Unknown',
'title': 'Superdrug Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Reused credentials'}