Carpetright, a popular flooring retailer, has issued a warning to its customers regarding a potential data breach that may have occurred recently. The company revealed that hashed passwords could have been stolen during the incident, prompting them to take precautionary measures by resetting all passwords. Several customers who have accounts with Carpetright received a notification about the data breach on February 19. Despite not disclosing the exact nature of the breach, Carpetright confirmed that hashed versions of user passwords were compromised.
Customers who received the email were informed that the hashed version of their password was included in the leaked data. In response to inquiries from media outlets like Tweakers, Carpetright explained that they were working with cybersecurity firm NFIR to conduct a forensic investigation. The purpose of the investigation is to determine if the stolen data has been accessed and downloaded by unauthorized parties. While there is currently no concrete evidence of data theft, the company decided to err on the side of caution by notifying customers about the potential security incident.
Carpetright disclosed that the malware infection was discovered in the back-end of their website on February 19. Although the specific type of malware was not disclosed, the company clarified that it was not ransomware. Personal information such as customer names, addresses, phone numbers, and email addresses may have been compromised during the breach. Additionally, hackers may have gained access to user passwords stored in the same database.
However, Carpetright reassured customers that payment details were not stored in the affected database. Approximately 30,000 Carpetright account holders, including customers from Belgium, may have had their data exposed during the breach. As a result, Carpetright reported the incident not only to the Dutch Data Protection Authority but also to the Belgian Data Protection Authority to ensure compliance with data protection regulations in both countries.
In light of the data breach, Carpetright has taken proactive steps to enhance their cybersecurity measures and protect customer data. They have implemented additional security protocols to prevent similar incidents from occurring in the future. Carpetright has also advised customers to change their passwords and remain vigilant against potential phishing attempts or identity theft. As the investigation into the data breach continues, Carpetright remains committed to transparency and will provide updates to affected customers as more information becomes available. The company acknowledges the importance of safeguarding customer data and is working diligently to address any vulnerabilities in their systems to prevent future breaches.
English (US)