Retailer loses thousands of card details in online hack

Businesses need to do more to protect customer card details

Credit card details of up to 38,000 customers have been stolen in a hacking attack of clothing firm Cotton Traders, according to the BBC.

It is understood that the site was attacked early this year and that Barclaycard was alerted as soon as Cotton Traders learned its customers’ personal details had been stolen via card-not-present fraud. Allegedly, most cards were stopped in January.

But Cotton Traders refused to confirm the amount of records stolen and said in a statement that the BBC's claims were “wildly inaccurate".

"In January 2008, we identified a security issue. We immediately brought in industry security experts to resolve the problem," said the statement.

“Any customers who have fallen victim to fraud should contact their card issuer,” it said.

The payments association Apacs confirmed that fraud has taken place at Cotton Trader’s web site and said the matter is being investigated by the Dedicated Cheque and Plastic Crime Unit (DCPCU), its police division.

“Details of this fraud case have been shared with the card companies so that they can take the appropriate measures to protect their customers,” said a spokeswoman at Apacs.

Though the details of the incident are not completely clear, there is an obligation from any business with an online presence to ensure that details are protected and to follow any guidelines to reduce the risk of card-not-present fraud, she said.

“It is obvious that there is no such thing as 100 per cent protection. But if there is a breach, immediate action needs to be taken, which is what happened in this particular case.”

The case follows last year’s hacking attack of another clothing retailer, TK Maxx, which lost over 45 million customer records. Also last year, travel firm Travelodge suffered from a glitch on its web site, which led to names, addresses and parts of credit card numbers being accessible to other customers.