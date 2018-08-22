/ Getty Images

British pharmacy chain Superdrug told customers to change their passwords after a hacker claimed to have stolen the personal data of 20,000 online shoppers late Monday.

The health and beauty retailer said the hacker demanded a ransom of two bitcoin -- which is currently worth about $13,337, Reuters reports.

The hacker shared 386 accounts with the company as proof of their deed, but its security advisors say those details were obtained in previous hacking attempt -- one unrelated to Superdrug -- and there was no evidence that its servers were compromised.

It previously warned that no payment information had been accessed, but customers' names, addresses, dates of birth, phone numbers and loyalty points balances may have been. Superdrug directly emailed the people believed to have been affected.

"In line with good security practice, we are advising all our customers to change their passwords now and on a frequent basis," Superdrug said in a statement.

"We have contacted the Police and Action Fraud (the UK's national fraud and cyber-crime arm) and will be offering them all the information they need for their investigation as we continue to take the responsibility of safeguarding our customers' data incredibly seriously."

Superdrug's quick, open reaction to the hacking claim earned praise from Sarah Armstrong-Smith, Fujitsu UK and Ireland's continuity & resilience chief, who contrasted it with Uber's reaction to a 2017 data breach.

"Cyber criminals are entrepreneurial, well-funded and well-motivated and instead of remaining reactive, businesses must transition to a proactive stance," she said in a statement.

In July, Dixons Carphone revealed that a 2017 cyberattack may have affected 10 million records containing personal data -- far more than its original estimate.