Date: 2020-06-16
Wiggle has today confirmed it has been hit by a security breach that has led to fraudulent purchases on a number of its customers' accounts. The Portsmouth, UK-based company is the largest UK online cycle retailer and also owns Chain Reaction Cycles and Bike 24.
As reported by road.cc, complaints about unusual transactions and data being changed have been dated back to June 12, including a purchase of a Castelli skinsuit worth £237.50.
Cyclist magazine also reported on a customer who had a £75 purchase on his account that was due to be shipped to Russia. The customer was later unable to access his Wiggle account after his password was changed.
Wiggle CEO Ross Clemmow today confirmed that a breach had taken place and issued the following statement:
Data security is of the utmost importance to us. We’ve investigated the isolated incidents where accounts have been accessed, and we understand a small number of customers’ login details have been acquired outside of Wiggle’s systems and some have been used to gain access to Wiggle accounts and purchases made.
We have taken steps to identify these compromised accounts and we will be individually contacting these customers. All impacted customers will be refunded. To protect our customers, all accounts will require the re-entry of card details for the next purchase.
We are aware that where customers utilise the same password across multiple websites, fraudsters with access to some details can feasibly use these to try and gain access to genuine customer accounts. We recommend our customers change their password if they have any concerns. We would like to assure our customers we’re prioritising all enquiries related to this issue.
—Ross Clemmow, CEO
Cycling Industry News is reporting that Wiggle customers will now be required to re-enter their card details on future transactions. It is recommended that Wiggle customers change their passwords immediately, especially if they use the same password across multiple websites. Whether the data breach is exclusive to Wiggle or wider is currently unknown.
