Customers' bank details stolen as hackers target Staffordshire firm
Customers at an IT company say they have lost thousands of pounds after the firm's website was hacked and their bank details stolen.
Police are investigating following a data breach at Stone Refurb, formerly Encore PC, based in Stafford, which led to customers' cash being taken. One said they lost more than £2,300.
Customers were targeted between March and May and payments are said to have been made using their bank details.
Stone Refurb, which is owned by Stone Group and sells refurbished IT equipment, has apologised to those affected. It's not clear how many were victims of the scam.
An email attributed to the company posted by one customer on the review website Trust Pilot said the hack was "a result of a compromise that occurred on an asset managed by a third party on which our website is hosted".
The angry customer said: "Product arrived okay but a few weeks later Encore PC informed me they allowed my name, address and credit card details to be stolen in a complete security failure."
Another said: "My personal and financial details got compromised. Fraud amount was £2,359."
Another customer said: "Order received quickly however my bank details were cloned by someone who had hacked into the Encore system. Two payments were made in a Tesco store before the fraud department of my bank contacted me to stop my bank card."
A spokesman for Stone Group said: "This website was previously hosted by an external provider. Earlier this year, the external hosting provider experienced a data security incident, in which the personal data of some customers making purchases on the website was compromised.
"The incident was reported to the Information Commissioner (ICO), Action Fraud and the Police. Stone Group instructed the external hosting provider to take the website down immediately.
"Following a review, the ICO was satisfied with Stone Group’s response to the incident and no further investigation was deemed necessary.
"Stone Group takes the protection of its customer personal data very seriously and has apologised to those impacted by the breach. It has also provided advice and assistance to help ensure that customers affected by this incident are protected from fraud."
Staffordshire Police said it was investigating and has urged anyone with information to contact them.
A spokeswoman said: "Staffordshire Police has been made aware of a potential data breach at Encore PC. However, we have not been notified of any customers subjected to losses. Anyone with any information should message Staffordshire Police on Facebook or Twitter, call 101 or alternatively contact Crimestoppers anonymously on 0800 555 111."