Jewson Direct website affected by security breach

Jewson has taken their Jewson Direct website offline after they suspected customers personal data may have been stolen by hackers.

As many as 1,700 individuals who purchased from the Jewson Direct website between 23rd August and 3rd November 2017 may have been affected and the company confessed to the data breach in a letter sent to affected customers last Friday, which was published by the online technology publication The Register.

Read - 'Shut the front door - Jewson 'fesses up to data breach' - The Register.

"As Jewson Direct customers, we regrettably are writing to inform you that our website (www.jewsondirect.co.uk) has suffered a security breach and, as a result, your personal data including your credit/ debit card details may have been compromised."

The company warned affected customers that a range of personal information may have been stolen during the breach, including Names, addresses, passwords, payment and contact details.

"At this stage we are aware that a foreign piece of code was encrypted into the Jewson Direct website," the company told customers. "The code has been identified and removed, and we are investigating the breach of security and any related potential loss of information/personal data.

"No card data is stored by Jewson, however, until the investigation has been completed, customers have been informed of a potential breach of card data as an advisory measure."

The letter sent to customers went on to say “To help you monitor your personal information for certain signs of potential theft, we are offering you a complimentary 12 month memberships to Experian ProtectMyID. This service helps detect possible misuse of your personal data and provides you with identify monitoring support, focused no the indentation and resolution of identity theft.”

A spokesperson for the ICO, the UK's data watchdog said: "We are aware of an incident involving Jewson, and will be making enquiries."

Since publishing the story we've been contacted by a Jewson spokesperson, who shared the following statement: “We confirm that the Jewson Direct website (formerly the Jewson Tools website www.jewsondirect.co.uk) has been the target of a security breach. We have notified 1,659 customers whose data may have been compromised and are offering free credit monitoring to all of those affected to help detect any potential misuse of data in the future.

“Only the Jewson Direct website was affected by the security breach. Our main website www.jewson.co.uk , our credit account customers and transactions across our branch network are not affected by the security breach and are operating normally. 

“We have commissioned a forensic investigation into the breach using a specialist firm and the Jewson Direct website will remain offline until the investigation is complete. We sincerely apologise for the distress and inconvenience this security breach has caused to those customers affected.”

Concerned customers can contact Jewson's customer services help desk on 024 7660 8235.

Source: Insight DIY Team

To hear all the latest breaking news in the Home Improvement industry, sign up for the Insight DIY newsletter today.