Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

Tesco and Boots Loyalty Card Schemes Affected by Security Issues

Written by  Mar 05, 2020

UK retailers Tesco and Boots are dealing with the after affects of cyber security issues that may have affected thousands of customers using their loyalty card schemes.

Both companies believe that details from a database of hacked passwords and usernames from other platforms have been used to access their websites. Given that people may use the same username/password combination on various sites, attackers may have been successful in some attempts.

Tesco has cancelled all affected vouchers as a precaution and asked affected customers to reset their passwords. Up to 640,000 Tesco customers may have been affected by the issue.

According to the company, no customer financial data was accessed. “We have strict security measures in place and our priority is protecting our customers,” said a Tesco spokesperson. “Our internal systems picked this up quickly and we immediately took steps to protect our customers and restrict access to their accounts.”

The retailer reiterated that the situation has been dealt with, but internal investigations are ongoing and affected customers are being contacted.

A similar issue of attackers trying to break into customers’ accounts has also impacted Boots, but on a much smaller scale. According to the pharmacy chain, less than 1% of its 14.4 million boots.com customers were affected.

According to Boots, its IT security staff noticed unusual login activity and points spending on boots.com on a number of Boots Advantage Card accounts, including attempts to access and spend points.

Data BreachAlso see: Human Error Caused Ninety Per Cent of UK Data Breaches Last Year

Because of that, Boots stopped payment for products using its loyalty card points online or in store, which also removes people’s ability to attempt to access any Boots accounts.

Stressing that the company's own database had not been compromised, a spokesperson for Boots said the suspension of payments using Boots Advantage Card points is temporary and that any points balance taken by attackers will be fully restored.

“We are writing to customers if we believe their account has been affected, and if their Boots Advantage Card points have been used fraudulently we will, of course, replace them,” said a Boots spokesperson.

ransomware2Also see: Government, Energy and Manufacturing Sectors are Biggest Ransomware Targets

“We currently believe that this will only affect a tiny percentage of cardholders and we would like to reassure customers that credit card information cannot be accessed. To help protect online accounts, we strongly recommend using different passwords for each site used.”

Max Heinemeyer, director of threat hunting at Darktrace, described this is a typical case of “credential stuffing”, in which hackers check previous data leaks containing stolen passwords uploaded on the dark web and reuse those credentials to sign into another online account belonging to the same user.

“Good password managers and multifactor authentication will help, but there is only so much the individual can do,” he said. “The responsibility lies with the organisations providing online services to ensure they have robust systems and cutting-edge defensive technologies to fight back when hackers do gain access to users’ accounts.”

Heinemeyer said AI is fighting back against hackers attempting to hijack individuals’ accounts “every single day”.

“Regardless of whether it is someone’s email or a social media account, if a hacker tries to log in from the US, say, at a slightly unusual time, when the owner of the account usually logs in from the UK, AI is now sophisticated enough that it can now stop that log in attempt from being successful,” he said.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.


Popular Cyber News

Jan 30, 2020 Cyber Security

UK Cyber Security is Booming

The UK’s cyber security industry is currently enoying a three-year boom, with the number of active security firms in t...

Jan 30, 2020 Cyber Security

Phishing A Major Factor in UK Cybercrime

Of all reported incidents in 2019, almost half were related to phishing attacks. ...

Mar 05, 2020 Cyber Security

Tesco and Boots Loyalty Card Schemes Affected by Security Issues

UK retailers Tesco and Boots are dealing with the after affects of cyber security issues that may have affected thousand...

Feb 13, 2020 Cyber Threats

Steps To Combat Insider Threats

Your organisation are generally well prepared for threats from outside the company. But are you ready to address threats...

Feb 08, 2020 Cyber Security

Millions of UK Businesses don't have a Cyber Insurance Policy

According to a survey conducted by Insurance firm Gallagher, millions of businesses operating in the UK don't have basic...

Feb 07, 2020 Cyber Threats

British Police Warn: Cleaners Are A Cyber Threat

British police have reportedly warned of a cyber threat posed by a not often thought about data stealer, namely the use ...

Feb 10, 2020 Cyber Security

The Cyber Security Fight Won't Stop

The controversy over the decision to allow Huawei technology to be used in the UK’s 5G networks is a very high-profile...

Feb 04, 2020 Cyber Security

NHS Employs Supplier Security Audits to Improve Cyber Security

NHS Shared Business Services and its cloud partner Virtualstock have enlisted cyber threat intelligence and risk assessm...

Feb 29, 2020 Cyber Security

Wi-Fi of More Than a Billion Devices Can Be Exposed

A billion-plus computers, phones, and other devices are said to suffer a chip-level security vulnerability that can be e...

Feb 25, 2020 Cyber Security

The Top Cyber Security Companies in the UK

Investing in the right cyber security for your company is more important than ever, but which are the top UK cyber secur...

Feb 28, 2020 Cyber Threats

UK Prepares ‘National Cyber Force’ To Tackle Terrorists and Other Threats

The UK is preparing the official launch of a specialist cyber force that will target terror groups and hostile nation st...

Feb 19, 2020 Cyber Security

Cybersecurity Jobs Are Not Going To Be Filled

CISOs around the world expect a serious lack of global cybersecurity talent which will worsen in the next five years, ac...

Feb 28, 2020 Cyber Threats

DVLA Say Cyber Criminals are Targeting UK Motorists

The Driver and Vehicle Licensing Agency (DVLA) has warned that cyber criminals and scammers are targeting unsuspecting d...

May 22, 2020 Cyber Security

EasyJet will be sued over customer data breach

Legal firm PGMBM, a specialist in group legal action, has issued a class action claim under Article 82 of the General Da...

Mar 23, 2020 Cyber Security

Thousands of Netflix and Other Streamers Accounts are Being Stolen

With a massive surge in home use of video and music streaming services such as Amazon Prime Video, Apple Music, Netflix ...

Mar 27, 2020 Cyber Security

Hospitals worldwide offered free security software

As cyberattacks against hospitals surge during the coronavirus crisis, technology companies are stepping up to alleviate...

Symantec Home 120x60