Clothing retailer Cotton Traders has confirmed that customers' credit card
details were stolen from its website in January this year.
The retailer, founded by ex-England rugby players Fran Cotton and Steve
Smith, claimed that the credit card details were encrypted.
Cotton Traders notified the issuers when the security breach occurred, and
said that "most" of the affected cards were cancelled and reissued immediately.
"We can confirm that our customer credit card data is encrypted on our
website, but if any of our customers have been a victim of fraud they should
contact their card issuer," said the company in a prepared statement.
Around 38,000 credit cards were compromised, according to some reports,
although Cotton Traders has dismissed the number as wildly inaccurate.
The retailer said that it has since raised the levels of security on its
site.
Security experts suggest that such cyber-crimes are an inevitable part of an
increasingly online economy.
As people move their businesses to the web, so crime will follow
Charlie Abrahams MarkMonitor
"As people move their businesses to the web, so crime will follow," said
Charlie Abrahams, European vice president at MarkMonitor.
The fact that the news of the data theft has not emerged until now is a facet
of UK data protection laws.
In California, for example, companies that lose personal details of customers
or employees are required by law to notify the victims within a short time. News
of the loss is therefore made public immediately.
Although not a legal requirement in all states, most US companies adopt the
more stringent Californian regulations.
No such requirement exists in the UK, but there are increasing calls to
implement tougher legislation.
Do you agree?
Have your say on this article