Jewson, the builders merchant, has become the latest organisation to warn of a data breach compromising the personal and financial details of customers.
The breach is believed to have taken place on 23 August, but was only discovered by the company on 3 November, and promptly closed down the cracked website. The Information Commissioner's Office (ICO) was informed on Friday, 10 November.
While Jewson's main website wasn't affected, the company has warned almost 1,7000 customers of its Jewson Direct offshoot that, as a result of the breach, their names, locations, billing address, password, email, phone number, payment details, card expiry dates and CVV numbers "may" have fallen into the hands of hackers.
"We confirm that the Jewson Direct website (formerly the Jewson Tools website) has been the target of a security breach. We have notified 1,659 customers whose data may have been compromised and are offering free credit monitoring to all of those affected to help detect any potential misuse of data in the future," the company said in a statement.
It continued: "Only the Jewson Direct website was affected by the security breach. Our main website www.jewson.co.uk, our credit account customers and transactions across our branch network are not affected by the security breach and are operating normally.
"We have commissioned a forensic investigation into the breach using a specialist firm and the Jewson Direct website will remain offline until the investigation is complete.
"We sincerely apologise for the distress and inconvenience this security breach has caused to those customers affected."
While the statement unusually straightforward, the company has been less forthcoming over questions about whether the purloined data had been encrypted - especially the financial details.
The company claimed, though, that "no card data is stored by Jewson"
Meanwhile, the ICO acknowledged the breach, saying in a statement that it was "aware of an incident involving Jewson, and will be making enquiries".
Claims to have "the most competitive logic density" in the industry
Dell's high-end mobile workstations upgraded with Intel Coffee Lake CPUs
Webstresser admins were also arrested in the UK, Croatia, Canada and Serbia
Security firm claims that 117,638 sites out of 135,035 analysed contain serious security flaws