A fake Google Analytics script placed in the Vision Direct website's code could have stolen the payment card details of thousands of customers.
The payment card numbers, expiry dates, and CVV codes (the three-digit number on the back of the card) of anyone who visited the site between the 3rd and the 8th of November could have been affected.
The BBC reported that 6,600 customers could have had their financial details exposed, while another 9,700 people had their personal information stolen, but not their card details.
In a statement on its website, Vision Direct said that "the personal information was compromised when it was being entered into the site and includes full name, billing address, email address, password, telephone number and payment card information, including card number, expiry date and CVV."
"We understand that this incident will cause concern and inconvenience to our customers. We are contacting all affected customers to apologise."
"That's exactly what it was. The data was stolen via a fake Google Analytics script: https://g-analytics[.]com/libs/1.0.16/analytics.js – you can view a copy of the JS via the @urlscanio archive of https://t.co/TV22dxvCcK https://t.co/SFi5Wp4gm3" — Bad Packets Report (@bad_packets), November 18, 2018
A spokesperson said that "this particular breach is known as Shoplift and was already known to our technology team, who installed a patch provided by our web platform provider to prevent this form of malware."
"Unfortunately, this current incident appears to be a derivative against which the patch proved ineffective. We are continuing to investigate the breach and have made numerous steps to ensure this does not happen again."
Any users who logged in or updated their details on the Vision Direct website should contact their bank or credit card providers. Because the hackers gained CVV codes, which are usually a good indication that someone has the physical payment card, it would be much easier for them to access bank accounts or make payments.
The company has said that the payment information of customers who used PayPal to make purchases should be secure, although their personal information could still have been compromised.
This is the same kind of hack that targeted British Airways earlier this year, gaining information from 380,000 people.
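The fake Google Analytics script described above was served from a host that imitates the vendor's name, which a site owner can catch by auditing where a page's scripts are loaded from. The following is an added example, not code from Vision Direct or the researchers quoted; the trusted-host list, the brand tokens, the function names and the sample page are assumptions made for illustration.

```javascript
// Added example: classify every <script src> on a page by its host.
// Assumption: hosts this site has approved for analytics scripts.
const TRUSTED = new Set(["www.google-analytics.com", "www.googletagmanager.com"]);
// Assumption: substrings a skimmer domain might borrow to resemble the vendor.
const BRAND_TOKENS = ["analytics", "google", "gtag"];

function auditScripts(html, pageUrl) {
  const firstParty = new URL(pageUrl).hostname;
  const findings = [];
  const re = /<script\b[^>]*?\bsrc\s*=\s*["']([^"']+)["']/gi;
  for (const m of html.matchAll(re)) {
    const src = m[1];
    let host;
    try {
      // Refang "[.]" so defanged samples parse; relative URLs resolve to the page.
      host = new URL(src.replace(/\[\.\]/g, "."), pageUrl).hostname.toLowerCase();
    } catch {
      findings.push({ src, host: null, verdict: "unparseable" });
      continue;
    }
    let verdict;
    if (host === firstParty) verdict = "first-party";
    else if (TRUSTED.has(host)) verdict = "trusted";
    else if (BRAND_TOKENS.some((t) => host.includes(t))) verdict = "lookalike";
    else verdict = "unlisted";
    findings.push({ src, host, verdict });
  }
  return findings;
}

// Only the entries that need a human to look at them.
function flagged(html, pageUrl) {
  return auditScripts(html, pageUrl).filter(
    (f) => f.verdict !== "first-party" && f.verdict !== "trusted"
  );
}

// Constructed sample page; the third src is the defanged URL quoted in the article.
const SAMPLE_HTML = `
<script src="/js/checkout.js"></script>
<script async src="https://www.google-analytics.com/analytics.js"></script>
<script src="https://g-analytics[.]com/libs/1.0.16/analytics.js"></script>
<script src="https://cdn.example.net/widget.js"></script>`;

console.log(flagged(SAMPLE_HTML, "https://shop.example/checkout"));
```

This only sees script tags present in the static HTML; scripts injected at runtime need the same check applied to a rendered page or to network logs.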