Superdrug told ITV News last night that so far it has seen 386 of the accounts compromised.
A spokeswoman for the company reportedly said: “The hacker shared a number of details with us to try and ‘prove’ he had customer information – we were then able to verify they were Superdrug customers from their email and log-in.”
Superdrug said customers’ names, addresses and in some cases dates of birth, phone number and points balances may have been accessed - but no payment or card information had been taken.
Affected customers will have now received an email from Superdrug, which is legitimate, asking them to change their passwords, and to change them regularly in the future.
Cybersecurity: in focus for beauty
With trust and transparency particularly important for beauty consumers, who tend to feel a personal connection with the products, brands and retailers they use, cyber security will be an increasing focus for beauty companies with a digital presence.
Commenting on the Superdrug breach, Sam Curry, Chief Security Officer at Cybereason, explained that consumers and companies alike need to realise that online data is vulnerable, and to take appropriate action.
"The biggest issue with the possible breach of private information from Superdrug customers is that this is another blow to our collective privacy,” he explains.
"We know the list of companies suffering breaches where personal information of their customers was compromised is in the thousands. The reality is that the cost to gain information on consumers has plummeted and should be at the forefront of the debate.
"Today, every consumer should be working under the assumption that their personal information has been compromised many times over, and the latest Superdrug hack is a reminder that they should watch their identities and credit for abuses."