Updated: 19th November 2018
Updated: 19th November 2018
Between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November, the personal and financial details of some of our customers ordering or updating their information on VisionDirect.ie was compromised. This data was compromised when entering data on the website and not from the Vision Direct database. The breach has been resolved and our website is working normally.
The stolen data included personal and financial details of customers logging in and making changes on the VisionDirect.ie website. Vision Direct has taken the necessary steps to prevent any further data theft, the website is working normally, and we are working with the authorities to investigate how this theft occurred. If you have any questions in regards to this matter, please call our customer services team on 01 513 4141 from Ireland and 1 800 870 0741 from the US.
We are experiencing high call volumes into our customer service centres so please continue to check this page for the latest information. We appreciate your patience during this time.
If you believe you may have been affected because you logged into your Vision Direct account or updated your personal or financial details on VisionDirect.ie between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018, we recommend you contact your bank or credit card provider and follow their advice.
We understand that this incident will cause concern and inconvenience to our customers. We are contacting all affected customers to apologise and continue to inform you of any updates in the next few days.
Customers who logged into VisionDirect.ie or created a new account between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018 may have been affected. We advise any customers who believe they may have been affected to contact their banks or credit card providers and follow their advice.
The personal and financial details of customers logging in or updating their accounts between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018 was compromised. Only customers who logged in between these dates are at risk.
The personal information was compromised when it was being entered into the site and includes full name, billing address, email address, password, telephone number and payment card information, including card number, expiry date and CVV.
As the information was compromised as it was being entered into the site, any existing personal data that was previously stored in our database was not affected by the breach. All payment card data is stored with our payment providers and so stored payment card information was not affected by the breach.
If you updated any payment card information between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018, then your information may be at risk. This will include the following payment methods:
Customers using PayPal during this period will be unaffected. We advise any concerned customers to contact their banks or credit card providers and follow their advice.
NOTE: We do not store any CVV data. However, if it was entered into a data field on our website between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018, then this may have been compromised.
All customers that logged in or updated their details between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018 inclusive were affected. Nobody was affected before or after these dates and times. This includes new customer accounts created during this time period.
There is no risk of data already stored in our database. The breach only impacted new information added or updated on the VisionDirect.ie website between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018.
No, saved data was not impacted.
If you made an order through PayPal, your PayPal account will not have been compromised. However there does remain the risk that some of your personal information such as your name and address has been accessed.
We advise any concerned customers to contact their banks or credit card providers and follow their advice.
If you visited the website during this time period without logging in and didn’t make any purchases or changes to your account, then your data should not have been compromised.
However, if you updated any details to your account between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018, your information may have been compromised. If you logged in through the ‘Log In’ window, your information may have been affected. If you were not logged in, you will not have been affected.
Any updates to accounts between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018, were affected. This includes updates and orders made on your behalf via our customer services team.
If a change was made to your account, between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018, such as updating address details or payment information, then your information is at risk.
We recommend that all customers who logged in or updated any details on their account on VisionDirect.ie, between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018, contact their banks or credit card providers and follow their advice.
The data theft relates to customers who logged in or updated their accounts between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018 only. We advise any concerned customers to contact their banks or credit card providers and follow their advice.
Vision Direct will send you a separate email from help@visiondirect.ie with instructions on how to update your password, if we believe your information has been compromised.
The incident has been resolved and all systems are working normally so customers are able to visit the VisionDirect.ie website and place orders as normal.
No, any orders placed during this time will still be processed. You should expect to receive your orders as normal.