Vision Direct customer card details stolen in data hack
Vision Direct customers who ordered online or updated their details earlier this month may have had their personal and financial data stolen, after the website was breached.
Customers who logged into their accounts or used the Vision Direct website to update their details between 12.11am on 3 November and 12.52pm on 8 November may have been affected.
The stolen data includes personal details such as full names, email addresses, passwords, phone numbers and billing addresses, as well as financial details including card numbers, expiry dates and CVVs.
For more info on data hacks, see our 30+ Ways to Stop Scams guide.
How can I tell if I'm affected?
Your information could be at risk if you ordered from Visiondirect.co.uk, or logged into your online account, between 3 November and 8 November.
This includes payment card information for Visa, Mastercard and Maestro. If you made an order using PayPal during this period, your payment details won't have been compromised – but personal information such as your address or phone number may have been accessed.
Vision Direct says existing customer information stored in its database was not compromised – so if you have a Vision Direct account but didn't use it during this period, or you browsed the website without logging in, you won't be affected.
It says that it's contacting all affected customers to apologise and let them know about the breach.
We've asked how many customers have been affected, and will update this story when we hear back.
What should I do if I'm affected?
Vision Direct says that affected customers should contact their bank or credit card provider for advice.
You can also contact Vision Direct's customer services team on 020 7768 5000 – although its website warns that there are high call volumes at the moment.
You can also take the following steps to minimise the risk of being hit by fraud (see our 30+ Ways to Stop Scams guide for full help):
- Check your bank or credit card transactions regularly. If you spot any unfamiliar or unusual activity, make sure you contact your bank immediately and let it know.
- If worried, demand a new card. Banks and credit card firms are taking different approaches, but if yours isn't routinely replacing cards affected by this breach, you can ask for a replacement card anyway.
- Beware of 'phishing scams'. Criminals may attempt to use the news of the data breach as an opportunity to trick people affected into revealing information. Remember that no bank or any other genuine organisation will contact you out of the blue to ask for details such as your PIN or banking password, and beware of clicking on any links in text messages or emails.
- Change your Vision Direct login password. And if you use that password elsewhere, make sure you change it there too. It's good practice to use different passwords – see our Password Security guide for more help.
- See if your card provider lets you get payment notifications. Some card providers, such as American Express, allow you to get notifications on your phone or tablet every time a payment is made on your card. This way you can see instantly when a payment goes out, if it's one you aren't expecting.
We've asked Vision Direct if it will compensate customers if they are left out of pocket as a result of the breach and will update this story when we hear back.
In a customer email seen by MoneySavingExpert.com, Vision Direct says it will consider compensating customers for any losses which aren't covered by their bank or credit card provider. Affected customers should send evidence to email@example.com.
What does Vision Direct say?
A statement on the Vision Direct website says: "We understand that this incident will cause concern and inconvenience to our customers. We are contacting all affected customers to apologise and continue to inform you of any updates in the next few days."
Have your say
This is an open discussion and the comments do not represent the views of MSE. We want everyone to enjoy using our site but spam, bullying and offensive comments will not be tolerated. Posts may be deleted and repeat offenders blocked at our discretion. Please contact firstname.lastname@example.org if you wish to report any comments.