Card details stolen in web hack

June 10, 2008

http://news.bbc.co.uk/2/hi/technology/7446871.stm


The credit card details of up to 38,000 customers of clothing firm Cotton Traders were stolen following a hack of its website, BBC News has learned.

The firm has not confirmed the size of the breach but it has acknowledged the site was attacked earlier this year. It said Barclaycard was contacted as soon as it learned of the attack, and most cards were stopped. Cotton Traders was founded by ex-England rugby captains Fran Cotton and Steve Smith. In a statement, Cotton Traders said all of its customers' credit card data was encrypted on the website.

'Security issue' It said: "Earlier this year we identified a security issue. We immediately brought in industry security experts to resolve the problem.

"Cotton Traders have recently upgraded all security on their website which has been validated by leading Industry experts."

It added: "We would like to reassure all our customers that their data is secure and that the Cotton Traders website meets all leading Industry security standards." BBC News has learned that customer addresses were also stolen in the hack. The breach follows last year's attack on the website of TK Maxx, in which 45 million card details were lost. In that case, data was accessed on the firm's computer systems over a 16-month period and covered transactions made by credit and debit cards dating as far back as December 2002. The exact method used to hack the Cotton Traders website is not known. The firm has said customers worried about their cards should contact their card provider.


main page ATTRITION feedback