Parenting Retailer Kiddicare Hit By Data Breach

kiddicare store

794,000 customers contacted to warn about their details potentially being leaked in Kiddicare data breach

A major UK childrens’ retailer has suffered a major data breach that led to hundreds of thousands of customer details being leaked online.

Kiddicare has emailed 794,000 people which may have been affected by the incident, with names, addresses and telephone numbers all feared to have been leaked, although no card details are thought to be at risk.


Whistleblower leak keyboard security breach © CarpathianPrince ShutterstockPeterborough-based Kiddicare said that it first became aware of a possible breach after being contacted by customers who had received suspicious SMS messages purporting to be from the company asking them to take part in a survey.

Following separate contact from unnamed security company with further information, the breach was then discovered to be linked to a “test” website Kiddicare used in November 2015 apparently with real customer data.

In an FAQ on its site, Kiddicare is advising customers to beware any unsolicited contact via email, post or telephone call/SMS.

“The personal information exposed has limited use and therefore the risk to you is low,” it said.

“However any personal information can be used in phishing attacks and scams and so you should be extra vigilant and be alert to any suspicious communication. If you are unsure whether a communication is genuine, you should always contact the company the message is purporting to be from to confirm authenticity.”

The company says it has now deleted the test site from its servers, made “significant upgrades and improvements” to its security, and also reported itself to the UK’s Information Commissioner Office (ICO).

An ICO spokesperson told TechWeekEurope, “We’re aware of an incident and are making enquiries.”

This latest breach goes to show how important it is to continually monitor for anomalous activity across the entire breadth of the network, security commentators have said.

“While it’s admirable that Kiddicare has gone straight to the UK’s Information Commissioner, it’s not good enough that the breach was discovered by customers whose information had not only been lost but already used with bad intentions,” said Justin Harvey, chief security officer at Fidelis Cybersecurity.

“Kiddicare and similar organisations need to switch from such a reactive approach and, instead, be proactively hunting for the malicious activity within its network that allows data to be exposed.”

What do you know about some of the world’s biggest data breaches? Take our quiz to find out!