Start-Rite reports data breach, exposing customer data

A significant security breach has been reported at Start-Rite Shoes, a children's shoemaker based in Norwich, UK. The incident, discovered on November 11, 2024, marks their second major security lapse in eight years.

The Information Commissioner's Office (ICO) has confirmed that Start-Rite has reported the incident, and they are currently assessing the provided information.

The breach occurred through a third-party application code on their website www.startriteshoes.com, potentially exposing customer payment card information during transactions made between October 14 and November 7, 2024.

The exposed data includes:

• Full customer names (as displayed on payment cards)
• Card billing addresses
• Complete card numbers
• Expiry dates
• CVV numbers
• Email addresses
• Telephone numbers
• Postal addresses

The number of affected individuals is not disclosed.

The company has taken immediate action by removing the malicious code and the compromised third-party application, and has notified affected customers via email. They've advised customers to contact their banks to cancel potentially compromised cards and monitor their statements for unauthorized transactions dating back to October 14, 2024.