Jewson

Jewson, operating also as Jewson Direct, is a United Kingdom-based builders merchant supplying building materials, tools, and equipment primarily to trade professionals and retail DIY customers. The company maintains a significant physical retail footprint with numerous branches across the UK, complemented by an e-commerce platform that facilitates online sales and customer account management. Its product range encompasses core construction supplies, timber, plumbing and electrical components, landscaping materials, and hardware, serving a broad spectrum of customers within the residential, commercial, and renovation sectors. The business model integrates traditional in-store service with digital sales channels, positioning it as a comprehensive supplier for construction and home improvement projects. This dual-channel approach allows Jewson to cater to both contractors requiring bulk materials and individual consumers undertaking smaller projects, establishing it as a familiar and accessible brand within the UK building supplies industry.

The company's operational scale and handling of sensitive customer data were highlighted during a significant cybersecurity incident in 2017. Attackers compromised its e-commerce website by injecting unauthorized code, an intrusion that persisted undetected for several weeks. This breach potentially exposed a wide array of personal customer information, including names, contact details, billing addresses, and encrypted passwords. Critically, the incident raised concerns about payment card data, as the company, while asserting it did not directly store card details, notified customers that card information including CVV numbers might have been intercepted during the transaction process. The breach necessitated the temporary shutdown of the website for forensic investigation and was formally reported to the UK's data protection authority. In response, Jewson proactively notified affected individuals and provided complimentary identity monitoring services, underscoring its regulatory obligations and customer communication protocols following a major data security event. This incident remains a notable reference point for the company's cybersecurity history and its approach to managing customer data risks within its commercial operations.