Vision Direct, one of Europe's biggest online seller of contact lenses and eye care products, fell foul to a Google Analytics hack over the last few weeks which exposed thousands of its customers' personal data including payment card numbers, expiry dates and CVV codes.
The company has identified 16,300 people as being at risk. This includes anyone who had entered their details into its site between 3 and 8 November who could be affected. The hack didn't just involve the organisation's UK site, it also affected versions of the site targetting Ireland, the Netherlands, France, Spain, Italy and Belgium.
A spokeswoman for Vision Direct told the BBC that 6,600 customers were believed to have had their financial data compromised, while a further 9,700 people had had personal data but not card details exposed.
Because the retailer stored their customer's CVV codes with the personal and card data, the breach is particularly serious. Customers that used Paypal would have had their personal details exposed but not their payment details.
The UK's data watchdog has been contacted regarding the hack and Vision Direct have promised to compensate any customers who have suffered financial loss as a result of this breach.