BUILDERS' MERCHANT Jewson has warned customers that their financial details may have been exposed in a data breach that hammered its website this year.
The breach, first uncovered by The Register, is believed to have taken place on 23 August but was only discovered by the firm on 3 November.
Jewson's main website wasn't affected, but the company has warned almost 1,7000 customers of its Jewson Direct offshoot that, as a result of the breach, their names, locations, billing address, password, email, phone number, payment details, card expiry dates and CVV numbers "may" have fallen into the hands of hackers.
Upon discovering the breach, Jewson shelved the affected website and it remains offline at the time of publication.
"We confirm that the Jewson Direct website (formerly the Jewson Tools website) has been the target of a security breach. We have notified 1,659 customers whose data may have been compromised and are offering free credit monitoring to all of those affected to help detect any potential misuse of data in the future," the firm said in a statement given to the INQUIRER.
"Only the Jewson Direct website was affected by the security breach. Our main website www.jewson.co.uk, our credit account customers and transactions across our branch network are not affected by the security breach and are operating normally.
"We have commissioned a forensic investigation into the breach using a specialist firm and the Jewson Direct website will remain offline until the investigation is complete.
"We sincerely apologise for the distress and inconvenience this security breach has caused to those customers affected."
It's unclear if the pilfered data was encrypted, and when quizzed by The Reg as to whether it was, Jewson failed to answer the question, instead noting that "no card data is stored by Jewson, however, until the investigation has been completed, customers have been informed of a potential breach of card data as an advisory measure."
Jewson notified the Information Commissioner's Office of the breach on 10 November, and the watchdog said in a statement that it is "aware of an incident involving Jewson, and will be making enquiries."
But update might also bork over a thousand websites
Social network could be fined up to $1.63bn for mega-hack
Retro-remake will take your old Mega Drive and Master System cartridges
Google ditches LG as supplier after Pixel 2 complaints