Attention, lockdown DIY fans: UK hardware flinger Robert Dyas had credit card data and more skimmed from website

2020-04-22 13:40

British hardware chain Robert Dyas' website has been hit by credit-card stealing malware that siphoned off customers' payment details including the long card number, expiry date and security code.

Between 7 and 30 March a card skimmer was present on Robert Dyas' payment processing page, the chain admitted in an email sent to affected customers that was seen by The Register.

Stolen data is said to include "Personal and credit/debit card details, along with names and addresses of customers." Nobody's Robert Dyas password was stolen, though that will be the least of the affected people's worries.

A common attack vector for these types of compromises is targeting of the so-called "Supply chain": compromise of the third party website that serves up elements of the card payment page.

"We informed our Merchant Service Provider - who manages all our credit or debit card payments online on our behalf - and the relevant card schemes, who inform the payment card providers, which include banks. We are in touch with approximately 20,000 affected customers and are recommending they also contact their bank or card provider and follow their recommendations as a precaution."

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/04/22/robert_dyas_card_skimmer/

#creditcard #UK