Customer data theft

Updated: 19th November 2018

Between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November, the personal and financial details of some of our customers ordering or updating their information on VisionDirect.co.uk were compromised. This data was compromised as it was being entered on the website and was not taken from the Vision Direct database. The breach has been resolved and our website is working normally.

The stolen data included personal and financial details of customers logging in and making changes on the VisionDirect.co.uk website. Vision Direct has taken the necessary steps to prevent any further data theft, the website is working normally, and we are working with the authorities to investigate how this theft occurred. If you have any questions regarding this matter, please call our customer services team on 020 7768 5000 from the UK and 1 800 870 0741 from the US.

We are experiencing high call volumes into our customer service centres so please continue to check this page for the latest information. We appreciate your patience during this time.

What to do if you have been affected

If you believe you may have been affected because you logged into your Vision Direct account or updated your personal or financial details on VisionDirect.co.uk between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018, we recommend you contact your bank or credit card provider and follow their advice.

We understand that this incident will cause concern and inconvenience to our customers. We are contacting all affected customers to apologise and will continue to inform you of any updates in the next few days.

Have I been affected?

How do I know if I have been affected?

Customers who logged into VisionDirect.co.uk or created a new account between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018 may have been affected. We advise any customers who believe they may have been affected to contact their banks or credit card providers and follow their advice.

What data has been affected?

The personal and financial details of customers logging in or updating their accounts between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018 were compromised. Only customers who logged in between these dates are at risk.

The personal information was compromised when it was being entered into the site and includes full name, billing address, email address, password, telephone number and payment card information, including card number, expiry date and CVV.

As the information was compromised as it was being entered into the site, any existing personal data that was previously stored in our database was not affected by the breach. All payment card data is stored with our payment providers and so stored payment card information was not affected by the breach.

What payment information has been affected?

If you updated any payment card information between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018, then your information may be at risk. This will include the following payment methods:

  • Visa
  • Mastercard
  • Maestro

Customers using PayPal during this period will be unaffected. We advise any concerned customers to contact their banks or credit card providers and follow their advice.

NOTE: We do not store any CVV data. However, if it was entered into a data field on our website between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018, then this may have been compromised.

Did this affect just new customers, or any details updated within the impacted time period?

All customers that logged in or updated their details between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018 inclusive were affected. Nobody was affected before or after these dates and times. This includes new customer accounts created during this time period.

Are my saved payment card details safe if they were used to make an order in that period?

There is no risk to data already stored in our database. The breach only impacted new information added or updated on the VisionDirect.co.uk website between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018.

Has saved personal or credit card data been stolen, even if I never logged in during that period?

No, saved data was not impacted.

I used PayPal to pay for my order on VisionDirect.co.uk. Is this impacted?

If you made an order through PayPal, your PayPal account will not have been compromised. However, there remains a risk that some of your personal information, such as your name and address, has been accessed.

We advise any concerned customers to contact their banks or credit card providers and follow their advice.

I only browsed through the VisionDirect.co.uk website – am I affected?

If you visited the website during this time period without logging in and didn’t make any purchases or changes to your account, then your data should not have been compromised.

However, if you updated any details to your account between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018, your information may have been compromised. If you logged in through the ‘Log In’ window, your information may have been affected. If you were not logged in, you will not have been affected.

I made a call to customer services, who then updated my account – am I affected?

Any updates to accounts between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018 were affected. This includes updates and orders made on your behalf via our customer services team.

If a change, such as updating address details or payment information, was made to your account between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018, then your information is at risk.

What should I do if I think I am affected?

Should I call my bank or cancel my credit cards?

We recommend that all customers who logged in or updated any details on their account on VisionDirect.co.uk, between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018, contact their banks or credit card providers and follow their advice.

I think my card was compromised when I made a purchase on VisionDirect.co.uk outside of the time period – what should I do?

The data theft relates to customers who logged in or updated their accounts between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018 only. We advise any concerned customers to contact their banks or credit card providers and follow their advice.

Should I reset my VisionDirect.co.uk password?

Vision Direct will send you a separate email from help@visiondirect.co.uk, with instructions on how to update your password, if we believe your information has been compromised.

How does this affect my orders?

What shall I do if I would like to place an order today?

The incident has been resolved and all systems are working normally so customers are able to visit the VisionDirect.co.uk website and place orders as normal.

Will orders made over the period of this incident be affected?

No, any orders placed during this time will still be processed. You should expect to receive your orders as normal.
