Shoemaker Start-Rite says hackers accessed customers' personal and payment information

British shoemaker Start-Rite, which designs and manufactures shoes for children and teenagers, said it experienced a cyber attack that compromised the sensitive personal and financial information of its customers.

 

Recently, the Register reported seeing a notification sent to Start-Rite customers where the company said that between October 14 and November 7, its internal network was breached and the sensitive personal data of its customers was accessed by an unauthorised third party.

 

The potentially accessed data included names as displayed on payment cards, registered addresses, payment card numbers, expiry dates, and CVV numbers.

 

“We would advise you to contact your bank or credit card provider and ask them to stop the card you used to pay us and issue you with a replacement. You may be able to do this immediately via your mobile banking or credit card app,” Start-Rite told customers.

 

“We would also ask you to be vigilant and check your bank or credit card statements for any transactions you do not recognize on or after 14 October 2024. If you do see anything which appears strange, you should contact your bank or credit card provider, tell them that you did not authorize the transaction, and ask for a refund. You may wish to provide them with a copy of this email to support your request.”

 

Start-Rite added that it will notify the Information Commissioner’s Office about the incident but wanted to notify potentially affected customers at the earliest so that they can take steps to protect themselves from financial fraud.

 

While the company is yet to publicly acknowledge the data security incident, it has confirmed to The Register that the incident did take place.

 

In a statement shared with the media house, a Start-Rite spokesperson said, “On 11 November, Start-Rite Shoes became aware that it had suffered a security incident via a third-party application code on www.startriteshoes.com. The breach potentially provided access to customer bank card information. The website is now secure and the malicious code and third-party app have been removed.

 

"The incident is being reported to the Information Commissioner’s Office and Start-Rite will be cooperating fully with the police. Start-Rite has contacted all customers who might have had their details compromised and is continuing to ensure the security of its website,” the spokesperson added.