News Hub

Boots suspend Advantage Card payments after cyber attack 

Written by Thu 5 Mar 2020

Boots cyber attack

The company’s IT security team spotted ‘unusual’ activity on a number of Boots Advantage Card accounts and have suspended payments as a result of the cyber attack 

Boots has suspended payments using loyalty points after a cyber attack on almost 150,000 customers’ accounts.

The suspension comes after the company’s IT security team spotted “unusual” activity on a number of Boots Advantage Card accounts with the aim of accessing and spending the points.

The chain told the PA news agency the issue affected less than 1% of the company’s 14.4 million active Advantage Card users – around 150,000 people.

But Boots insisted no credit card information had been accessed.

In a statement, Boots said: “Our customers’ safety and security online is very important to us.

“We can confirm we are writing to a small number of our customers to tell them that we have seen fraudulent attempts to access boots.com accounts.

“These attempts can be successful if people use the same email and password details on multiple accounts.

“We would like to reassure our customers that these details were not obtained from Boots. We are aware that other organisations may be impacted too.”

The statement added: “As an extra precaution we have temporarily stopped payment by Boots Advantage Card points on boots.com or in-store.

“This removes the ability for people to attempt to access any Boots accounts, but means that customers will not be able to use Boots Advantage Card points to pay for products in store and online for a short period of time.

“We are writing to customers if we believe that their account has been affected, and if their Boots Advantage Card points have been used fraudulently we will, of course, replace them.

“We currently believe that this will only affect a tiny percentage of cardholders and we would like to reassure customers that credit card information cannot be accessed. To help protect online accounts we strongly recommend using different passwords for each site used.”

The news comes after Tesco reported itself to the Information Commissioner’s Office after scammers targeted its online shoppers.

The retail giant believed fraudsters accessed the accounts of users using lists of stolen username and password combinations from other sites and tried to redeem vouchers amassed by shoppers.

Written by Thu 5 Mar 2020


Boots cyber attack
Send us a correction Send us a news tip