Superdrug Security email received. Long post

I meant to add that although I have used the store, as far as I know, I do not have an account/password for this store.

Auntieflo, it is genuine. I have googled it. Here is a link to the story www.computerweekly.com/news/252447313/Superdrug-denies-data-breach

The CEOs name is genuine, for what that is worth, but so is the Superdrug website address.

The internet has various reports. This Huffington Post page has what looks like a later update. Superdrug Says Customer Data Stolen By Hackers Is From 'Other Websites'

"In a statement issued to HuffPost UK on Wednesday morning, a Superdrug spokesperson added that following further investigation from “independent IT security advisors” they found “no signs of a hack of our systems”.
A spokesperson said there had been “no mass data download or extraction” from Superdrug’s systems.
“They [The IT security advisors] also confirmed that the 386 accounts that were shared by the individual as proof of the attack were accounts that had been obtained in previous hacks unrelated to Superdrug.”

I had the same email, so did someone I know. We have the loyalty cards so registered online. My friend may have shopped online with Superdrug, but I haven’t. Both of us have changed our passwords.
Do you have a loyalty card too, Auntyflo? Maybe that’s how your email is on the database

It sounds like hoaxers tried to convince Superdrug of a hack which hasn’t happened. I’m not losing any sleep over it, what’s the point of worrying when I cannot change anything?

The only info I divulged for my card was email address, name and address. I gave a false date of birth and a for my mobile phone number, provided a correct code followed by a load of zeros. I always do that when providing personal details if I consider that they don’t need the true info.

Aah, that will be it then. I did have a loyalty card, but think I destroyed it, as I never used it. Thank you SpringyChicken. Also M0nica for taking the trouble to google it, and find the info. I love GN ?

Also had the same email Auntiflo, it came through very late last night and I've deleted it too. Like SpringyChicken, I don't give date of birth details to stop someone trying to steal my ID.

I got the same email, which was a bit late, considering it was in the papers yesterday.I changed my password immediately.
Some people use the same password for everything, therefore all your passwords may be compromised if your password has.been hacked.
It is highly unlikely that anyone will try to use this info, but better safe than sorry.

I got a similar email from Curry’s PC World and again this is genuine.

Had something similar from a genealogy website which they claimed Paw belonged too. I checked that there was no subscription therefore no bank details and (politely) just asked them to remove his contact details from their lists as he had died.
Well! I wasn’t expecting the next bit, but they insisted on proof that my message related to him and that my email address was genuine before they would remove his name. I pointed out they had emailed me and asked what part of “dead” thy didn’t understand. They then demanded a copy of his death certificate at which point I flipped. I sent a very stroppy email refusing on the grounds of possible identity theft, repeating my request to remove all contact details, accused them of appalling insensitivity - and then poured myself a stiff Scam or genuine, I could have done without it.

Maw ?

I received this is and it is genuine and I have now changed my password. I have shopped with them in the past so thought their might be a chance it was for real, used my normal procedure, never click on a link, do some research online first re security breaches on the company then open another window if you want to go and sign in and change your password/personal details.

I got the same. When I get these type of emails I go to the site , never from the link in the email, and change my password.

Apologies, should be there not their. One thing that worries me is that the OP has copied the email including the links. If this had been a scam anyone clicking on those links could presumably be taken back to the fraudulent site. Not a good idea to copy & paste something like this much better to just ask if others had received anything similar.

I got this message and tried to change my password. That didn't work so I emailed Superdrug and requested that they remove any of my details held on their database. They came back such a long, complicated instructions and requests I had to remind them that they had contacted me, this was their problem not mine and that they should simply do as I requested. I didn't hear from them again so I assume my email was just ignored.

After reading this, I tried to log in, but I was locked out. Asked for a reset for new password, got the link three hours later and when I tried to use it got an error message, saying that my password was wrong and it locked me out again.
There is something not right here.
This doesn't really instil confidence in Superdrug!

Do they have a Facebook page and/or a Twitter account to shame them on?

I also couldn’t change my password, which made me think that I dihave one, despite having a loyalty card. Maybe they only have my e mail. I’ve never ordered anything on line.
I do try to avoid on line retail activity.

I went to the website directly, rather than the link in the email. I felt that was safer. I tried several times to change my password but kept getting error messages. In the end I emailed Customer Support and asked them to close the account.

I'm getting tired of all these security breaches. These companies clearly aren't taken good enough care of my information, so I've been closing accounts left, right and centre. It's just not wort it for the sake of a few points and a couple of quid off my next mascara!