Customers of Claire’s Accessories may have had their card payment details stolen after it was hit by a card skimming cyber attack.
Its website and that of sister company Icing fell victim to a magecart attack from 25 April to 13 June, the company confirmed.
These types of hack illegally install software which makes copies of customers payment data at checkout.
Claire’s has warned customers who made purchases during this period to look for any unauthorised charges and alert their card providers if they see anything suspicious.
The retailer said it currently does not know how many customers have been affected, but that it had launched a full investigation.
E-commerce security specialists Sansec discovered the breach and informed Claire’s on Friday, prompting it to remove the hackers' code and have take additional measures to reinforce the security of its platform.
"We are working diligently to determine the transactions that were involved so that we can notify those individuals," stated Claire's, pointing out that cards used in-store were not affected by this issue.
"We have also notified the payment card networks and law enforcement - it is always advisable for cardholders to monitor their account statements for unauthorised charges."
Recent Stories