Customer data theft

Updated: 5th January 2022

From 10.38pm GMT on Wednesday 22nd December 2021 until 14.20pm GMT on Friday 24th December 2021 the financial details of a small number of customers ordering on the VisionDirect.co.uk website was compromised due to an external attack by hackers. We're truly sorry, but you may have been affected.

The financial information compromised during this time included credit or debit card numbers, expiry dates and CVV security codes. This information could be used to conduct fraudulent transactions and we recommend that you contact your bank or credit card provider immediately and follow their advice. At this time there is no evidence that any other personal information such as name, address, telephone number or email address was compromised during this attack.

Only customers who entered financial details onto the site during the time of the attack (as stated above) are at risk. At this time there is no evidence that customers using saved card details or those using other payment methods such as PayPal were affected by the theft. All payment card data is safely stored with our payment providers.

Vision Direct has already resolved the immediate issue and has also taken steps to prevent any further possibility of data theft, including improvements to the active monitoring system which detects any malicious attempts to access the website. The website is now working normally again, and we are taking appropriate steps with the data protection and enforcement authorities to investigate how this theft occurred and to report the attack as legally required.

Helpful Questions & Answers

How do I know if I have been affected?

Customers who entered new payment details into VisionDirect.co.uk between 10.38pm GMT on Wednesday 22nd December 2021 until 14.20pm GMT on Friday 24th December 2021 may have been affected.

What to do if you have been affected

If you believe you may have been affected because you entered financial details on VisionDirect.co.uk between 10.38pm GMT on Wednesday 22nd December 2021 until 14.20pm GMT on Friday 24th December, we recommend you contact your bank or credit card provider and follow their advice.

What payment information has been affected?

If you entered new payment card information between 10.38pm GMT on Wednesday 22nd December 2021 until 14.20pm GMT on Friday 24th December 2021, then your information may be at risk. This includes the following payment methods:

  • Visa
  • Mastercard
  • Maestro
  • American Express

There is no evidence at this time to suggest that customers using saved card details or other payment methods, including PayPal were affected by this attack and we advise any concerned customers to contact their banks or credit card providers and follow their advice.

Please note: Vision Direct does not store any CVV data. However, if it was entered into a data field on our website during the affected time, this may have been compromised.

I only browsed through the Vision Direct website – am I affected?

If you visited the website during this period but didn't make any purchases or enter new credit card details, then there is no evidence at this time that your data has been affected by this incident.

Are my saved payment card details safe if they were used to make an order in that period?

At this time there is no evidence to suggest that saved card details were affected by the theft. The breach only impacted new card information added on the VisionDirect.co.uk website between 10.38pm GMT on Wednesday 22nd December 2021 until 14.20pm GMT on Friday 24th December 2021. All payment card data is safely stored with our payment providers.

I think my card was compromised when I made a purchase on the Vision Direct website outside of the affected period – what should I do?

The data theft relates to customers who introduced financial data between 10.38pm GMT on Wednesday 22nd December 2021 until 14.20pm GMT on Friday 24th December 2021. We advise any concerned customers to contact their banks or credit card providers and follow their advice.

What shall I do if I would like to place an order today?

The incident has been resolved and all systems are working normally, and we have introduced an active monitoring system to detect any malicious code entered onto the website. Customers can visit the VisionDirect.co.uk website and place orders as normal.

I placed an order through customer services, who then entered my card details– am I affected?

Purchases made with new card details between 10.38pm GMT on Wednesday 22nd December 2021 until 14.20pm GMT on Friday 24th December 2021 were affected. This includes orders made on your behalf via our customer services team.

please wait