The Stack Archive

Baby retailer Kiddicare customer data stolen in ‘test’ site hack

Mon 9 May 2016


UK baby retail site Kiddicare has reported a data breach which leaked the names, addresses and contact numbers of almost 800,000 customers.

According to the parenting e-trader, the data had been stolen from a test version of its website. It said [PDF] that it was notified of the breach after customers had started to receive suspicious text messages claiming to have been sent from Kiddicare.

The Peterborough-based company was then contacted by a security firm who had discovered further information about an insecure test platform that Kiddicare had been using in November last year.

“Kiddicare used real customer data on its test site,” explained security analyst and blogger Graham Cluley. “It shouldn’t be forgotten that this was a test site, and things are expected to go wrong.”

While the company advised customers that payment details, including credit and debit card information, were not compromised, other personal data was leaked such as names, addresses, telephone numbers and email addresses – all of which could be manipulated by cybercriminals and scammers.

“One clear risk is that Kiddicare customers might be contacted by fraudsters pretending to be the baby specialist retailer, in an attempt to trick unsuspecting consumers into handing over payment information. Such attacks could be spammed out in the form of phishing emails or potentially take place over the telephone,” Cluley added in his blog.

The company immediately alerted the UK’s Information Commissioner’s Office to the incident. As precautionary measures it also deleted the test site and automatically reset all customer passwords.

The retailer continued to assure customers that it has implemented upgrades and improvements to its systems to minimise the risk of similar incidents reoccurring.

Kiddicare CEOs Joe Murray and Richard Tucker have since issued an email apology to the 794,000 affected by the hack. “Thank you for your patience, understanding and loyalty… we are very sorry for any worry or inconvenience this has caused you.”


hacking news privacy retail security
Send us a correction about this article Send us a news tip