British pharmacy chain Superdrug told customers on Tuesday to change their passwords after a hacker claimed to have stolen personal data of 20,000 online shoppers.
The retailer said that on Monday the hacker demanded a ransom of two bitcoin -- currently about $13,000 -- Reuters reported.
The hacker shared 386 accounts with the company as proof of the deed, but Superdrug's security advisers said that those details were obtained in a previous hacking attempt -- one unrelated to Superdrug -- and that there was no evidence Superdrug's servers were compromised.
Superdrug said in a statement that no payment information had been accessed, but customers' names, addresses, dates of birth, phone numbers and loyalty point balances may have been. Superdrug directly emailed the people believed to have been affected.
"In line with good security practice, we are advising all our customers to change their passwords now and on a frequent basis," Superdrug said in the statement. "We have contacted the Police and Action Fraud (the UK's national fraud and cyber-crime arm) and will be offering them all the information they need for their investigation as we continue to take the responsibility of safeguarding our customers' data incredibly seriously."
Superdrug's reaction to the hacking claim earned praise from Sarah Armstrong-Smith, chief of continuity and resilience at IT services provider Fujitsu UK and Ireland, who contrasted it with. "Cyber criminals are entrepreneurial, well-funded and well-motivated and instead of remaining reactive, businesses must transition to a proactive stance," she said in a statement.
In July, UK-based Dixons Carphone revealed that a 2017 cyberattack-- far more than .