简体中文
Hackers have stolen bank card details from the online platform used by Claire's, the jewellery and accessories retailer.
The attack began on 25 April and was ongoing until 13 June, according to researchers at Sansec.
Consumers who may have shopped online at Claire's during this period are advised to monitor their account statements for unauthorised charges, and alert their card provider's fraud team if they see anything suspicious.
So-called Magecart skimming attacks, named after the software allowing hackers to take copies of card details used on digital stores, have become increasingly common in recent years.
British Airways is the most high-profile company that was recently hit by
this style of attack
, which affected at least 380,000 customers.
The stolen details are often sold in bulk to other cyber criminals who use them to fund illicit activities.
A spokesperson for Claire's told Sky News that the company does not know how many customers have been affected - and that it is investigating the matter so victims can be informed.
Under the UK's data protection laws, companies have 72 hours to tell individuals if they have suffered a data breach involving the loss of sensitive personal data, such as payment card details.
Sansec, a company that specialises in protecting payment platforms from skimming attacks, said malicious code was added to the online stores of Claire's and its sister brand Icing's in the last week of April.
The code intercepted customer information and sent it to a domain that the criminals had registered to look as if it belonged to the company.
The Claire's spokesperson said the company identified the issue on Friday 12 June, confirming: "Our investigation identified the unauthorised insertion of code to our e-commerce platform designed to obtain payment card data entered by customers during the checkout process.
"We removed that code and have taken additional measures to reinforce the security of our platform. We are working diligently to determine the transactions that were involved so that we can notify those individuals."
Sky News has asked the UK's data watchdog, the Information Commissioner's Office, whether Claire's has reported the data breach to the regulator.
