A cybersecurity attack targeting New World Clubcard accounts has led to a warning for customers to update their passwords. The supermarket’s parent company, Foodstuffs, revealed that external scammers attempted to breach accounts by using commonly known passwords. While most accounts were unaffected, those with weaker or reused passwords may have been compromised, with some accounts potentially accessed without authorization. New World has advised all customers to change their passwords as a precautionary measure to enhance their online security.
The incident began on a Friday night when New World Clubcard members received an email detailing the security alert. The communication from the supermarket explicitly stated that a “recent” cybersecurity incident had impacted “a number of New World Clubcard accounts.” The email clarified that their technology team had detected “suspicious external activity” involving scammers who were “attempting to gain access to accounts by trying commonly used passwords across many usernames.” This suggests that the attackers likely leveraged credentials obtained from other data breaches, rather than directly breaching New World’s systems.
Based on their internal investigation, New World concluded that “some New World Clubcard accounts with weaker or reused passwords may have been accessed, without the cardholder’s authorisation.” This highlights the critical importance of using unique and strong passwords for all online services to mitigate risks from such credential-stuffing attacks. Even if a company’s systems are not directly breached, customers can still be vulnerable if they reuse passwords across multiple platforms.
While the majority of customers were informed that their accounts had not been affected by the breach, New World strongly recommended that all users change their passwords immediately as a preventative security measure. The supermarket emphasized that their own internal systems had not been compromised and that their technology team was actively monitoring for any further “malicious activity.” This proactive approach aims to reassure customers and prevent future incidents.
New World, under the ownership of Foodstuffs, confirmed that they are actively collaborating with cybersecurity experts to further secure customer data and enhance their existing security protocols. They issued a sincere apology for any inconvenience caused, reiterating that “Your privacy and security are extremely important to us, we have taken these actions to protect you, and strongly recommend you [establish] a refreshed and strong password.” This ongoing collaboration with experts underscores their commitment to safeguarding sensitive customer information.
Reference:
