Boots suspends loyalty card payments as 150,000 accounts attacked by hackers

Boots has barred all loyalty card payments after hackers attempted to access 150,000 customers accounts using stolen passwords.

Boots Advantage Card holders will not be able to make any purchases using their loyalty cards while the retail attempts to limit the fallout from a security breach.

According to Boots, which put the programme on lockdown after spotting “unusual” activity on a number of accounts, hackers attempted to access and spend loyalty points using passwords they had attained from another source.

It assured customers that no credit card information had been accessed and that the “details were not obtained from Boots”.

This follows a nearly identical attack at Tesco earlier this week, in which hackers who had obtained a list of usernames and passwords for another website attempted to access loyalty accounts which may use the same details.

READ MORE: 620,000 Tesco Clubcards to be reissued after “fraudulent activity” exposed customer data

Boots said it had informed the “small number of our customers” who had been affected, telling the BBC that it amounted to less than one per cent of its 14 million loyalty card holders.

“Our customers’ safety and security online is very important to us,” it said in a statement.

“We can confirm we are writing to a small number of our customers to tell them that we have seen fraudulent attempts to access boots.com accounts.

“These attempts can be successful if people use the same email and password details on multiple accounts.

“We would like to reassure our customers that these details were not obtained from Boots. We are aware that other organisations may be impacted too.”

It added: “We are writing to customers if we believe that their account has been affected, and if their Boots Advantage Card points have been used fraudulently we will, of course, replace them.

“We currently believe that this will only affect a tiny percentage of cardholders and we would like to reassure customers that credit card information cannot be accessed. To help protect online accounts we strongly recommend using different passwords for each site used.”

Click here to sign up to Charged‘s free daily email newsletter

NewsSecurity

RELATED POSTS

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

Menu

SUBSCRIBE TO OUR NEWSLETTER

Sign up to our daily newsletter to get all the latest retail tech news and insights direct to your inbox.

  • This field is for validation purposes and should be left unchanged.