Around 150,000 Boots Advantage Card accounts have been hacked

Thursday, 5th March 2020, 12:02 pm
Updated Thursday, 5th March 2020, 12:03 pm

Boots has suspended payment via its Advantage Card scheme after facing a serious cyber attack. The beauty retailer and pharmacy chain claimed that one per cent of its 14 million Advantage Card users had been affected - but that percentage adds up to nearly 150,000 people.

Boots says its security teams noticed unusual activity on customers loyalty accounts. It was discovered that, although Boots' main systems were not affected, hackers had obtained passwords for customers accounts and were trying to purchase items with the accumulated points.

In a statement, Boots said, “Our customers' safety and security online is very important to us. We can confirm we are writing to a small number of our customers to tell them that we have seen fraudulent attempts to access boots.com accounts."

Sign up to our daily newsletter

The i newsletter cut through the noise

Using the same password makes you vulnerable

Boots stated that hacks like these are made easier when people use the same passwords and email addresses on various accounts across their online world.

The company stated, “We are writing to customers if we believe that their account has been affected, and if their Boots Advantage Card points have been used fraudulently we will, of course, replace them.

“As an extra precaution we have temporarily stopped payment by Boots Advantage Card points on boots.com or in store.

"This removes the ability for people to attempt to access any Boots accounts, but means that customers will not be able to use Boots Advantage Card points to pay for products in store and online for a short period of time."

Second hack on loyalty cards this week

A few days ago, Tesco Clubcard owners found themselves in a similar situation after the supermarket giant admitted some of its customers loyalty accounts had been hacked.

The company said that 60,000 customer loyalty accounts had been hacked, again by hackers finding out customers common passwords.

Like Boots, Tesco reiterated that their own systems had not been hacked which was a relief to those who hold credit cards with the company.

Customers who have been affected will already have been contacted by both Tesco or Boots.