Cyber Incident Victim: Jewson
Date:
Aug 2017
Location:
United Kingdom
Summary
A builders merchant experienced a cybersecurity breach where attackers infiltrated its e-commerce website via unauthorized code, potentially compromising customer names, locations, billing addresses, passwords, email addresses, phone numbers, and payment card details including CVV numbers. The intrusion remained undetected for weeks before discovery, prompting temporary website closure and forensic investigation. While the company asserted it did not store card data, it notified customers of potential card data exposure as a precautionary measure. Impacted individuals were advised to monitor accounts for suspicious activity and offered complimentary identity monitoring services. The incident was reported to the relevant data protection authority.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Jewson data breach occurred on or around August 23, 2017, when unauthorized actors compromised the Jewson Direct website (www.jewsondirect.co.uk). The intrusion remained undetected until November 3, 2017, when the company discovered the security incident and temporarily shut down the affected website, which remained offline at the time of reporting. Jewson notified the UK Information Commissioner's Office (ICO) of the breach on November 10, 2017, and subsequently informed customers via written correspondence. Forensic investigators identified a foreign piece of code encrypted into the website infrastructure, which was promptly removed. The attackers potentially accessed customer names, locations, billing addresses, passwords, email addresses, phone numbers, payment card details including expiry dates and CVV numbers, though Jewson maintained that no card data was stored on their systems.
The company initiated a detailed forensic investigation to determine the breach scope and attacker methodology, though specific details about encryption standards or intrusion vectors remained undisclosed. Impacted customers received advisories to monitor financial accounts for suspicious activity and contact card providers if irregularities were detected. As remediation, Jewson offered affected individuals complimentary 12-month memberships to Experian's ProtectMyID service for identity monitoring. The breach exposed customer data for approximately 10 weeks before detection, creating significant exposure window for potential misuse. Jewson established a dedicated customer service helpline (024 7660 8235) for breach-related inquiries while continuing internal investigations into security improvements.