Cyber Security

Cyber Security Incident

We continue to investigate, as a matter of urgency, the theft of customer data between 7th March 2020 and 30th March 2020 from robertdyas.co.uk.  The stolen data included personal and financial details of some customers during that period. This matter has been reported to the relevant authorities.

It is with deep regret that this criminal activity has taken place, but please be assured that we have taken prompt action to ensure that our site is secure and safe to use.

How do I know if I have been affected?

We have directly contacted customers by email who placed orders on robertdyas.co.uk between 7th March 2020 and 30th March 2020 who have been affected.

What should I do if I think I’ve been affected?

We recommend any customers who believe they may have been affected to contact their bank or credit card provider and follow their recommendations as a precaution.

What data has been affected?

Personal and credit and debit card details of customers placing orders on robertdyas.co.uk between 7th March 2020 and 30th March 2020 have been exposed. This includes cardholder name, billing address, telephone number, email address and card details.

No password information has been accessed, nor any details of purchases or transactions made by you.

Do I need to change my Password?

No password information was accessed, but if you wish to change your password, you can do this by going to the home page at www.robertdyas.co.uk and clicking on My Account, which is in the top right-hand corner. You will then be able to change your password there.

What actions have Robert Dyas taken?

As soon as Robert Dyas became aware of the suspicious activity, our website security team took immediate steps to close the vulnerability, so that no further data could be accessed.

Our IT Team is continually monitoring the site and running security scans.

We immediately informed our Merchant Services Provider - who manages all our credit or debit card payments online once we became aware of the data accessed. They were provided with the card details of those impacted and have informed your payment provider.

We have also notified the Information Commissioner’s Office, the regulator of data protection in the UK.

We have appointed a Payment Card Industry Forensic Investigator (PFI) to carry out an independent investigation into this matter.

Are bank or credit card details automatically stored on robertdyas.co.uk?

No credit/bank details are ever stored on our site. This fraudulent activity took place during the process of submitting the payment on to the site.

Does this affect transactions made in any of your stores or contact centres?

No, this incident was limited to robertdyas.co.uk only to orders placed between the 7th March 2020 and the 30th March 2020.

Do I need to cancel my bank or credit cards?

We recommend that customers who placed orders on robertdyas.co.uk between 7th March 2020 and 30th March 2020 contact their bank or credit card providers and follow their recommendations as a precaution, as they would be best placed to advise you.

I placed an order on robertdyas.co.uk outside of this time period and am concerned. What should I do?

This was a specific attack on our system during 7th March 2020 to 30th March 2020 and no other data was impacted.

Does this impact the order I placed or future orders?

No, all orders will be fulfilled as normal.

Will I be reimbursed?

We take the protection of our customers’ data seriously and are very sorry for the concern that this criminal activity has caused. No customer will be out of pocket as a direct result of the criminal theft of data from our site. Customers will be reimbursed for any fraudulent activity on their accounts as a direct result of the data theft and we shall advise the process of this in due course.

What added precautions can I take?

You should check your bank/credit card statements for any suspicious activities and contact your bank immediately if you spot anything you are unsure about.

Be extra vigilant of fraudsters, we will not be calling any customers asking for payment card details and any such request should be reported to your bank and the relevant authorities.

If you believe you are a victim of fraudulent activity, you should contact your bank immediately and report the incident to Action Fraud: https://www.actionfraud.police.uk

How do I get in touch with Robert Dyas about this?

If you would like to contact Robert Dyas regarding the security incident please email us at: [email protected].