Published on April 22nd, 2020 📆 | 7630 Views ⚑0
UK hardware flinger Robert Dyas had credit card data and more skimmed from website • The Register
British hardware chain Robert Dyas’ website has been hit by credit-card stealing malware that siphoned off customers’ payment details and addresses.
Between 7 and 30 March a card skimmer was present on Robert Dyas’ payment processing page, the chain admitted in an email sent to affected customers that was seen by The Register.
“We became aware on 30 March 2020 that malicious software (malware) had been uploaded on to our ecommerce website by an external third party, which was immediately blocked by our IT Security team,” said the email.
Stolen data is said to include “personal and credit/debit card details, along with names and addresses of customers.” Nobody’s Robert Dyas password was stolen, though that will be the least of the affected people’s worries.
From the description it is plain that card-skimming malware was present. We have asked the Theo Paphitis-owned chain for further details and whether the infection was the infamous Magecart malware.
Jake Moore of infosec biz Eset dryly commented to The Register: “This is by no means the perfect timing to have a card skimmer to be hidden and operating on your site during a time when online sales are going through the roof in most industries.”
He added: “For those affected it may even be a double blow as to when they understand the full potential and impact it may have on their finances. Of course, these customers should contact their banks for further details and added support but this shouldn’t be taken lightly. Although no passwords seem to be taken I would suggest they change it as a matter of procedure in case it further comes out that more data was in fact compromised.”
A Robert Dyas PR spokeswoman did not immediately answer The Register‘s questions. We’ll update this article if we hear back from her.
Back in March – ironically – US box brand Tupperware was struck with a similar infection that used a malicious PNG image file along with steganographic techniques to hide the compromise.
Robert Dyas is owned by Dragon’s Den telly star Theo Paphitis. It has 94 shops across the south of the UK and in Christmas 2018 boasted that online sales grew by 45 per cent over the previous 12 months, having turned over £131.8m and made gross profits (EBITDA) of £1.6m. In the previous year it made a £780,000 loss. ®
Choosing A Low-Code Vendor