Comentários do leitor

Meghan Markle's favourite jewellery brand Missoma hit by cyber-attack

por Shana Canipe (2022-08-16)

A jewellery brand popular with the Duchess of Sussex and other celebrities has been hit by a cyber raid, with the designer telling customers their details may have been put at risk, This is Money can reveal. 

In an email, Missoma told shoppers: 'third-party malicious software targeted the payments page of our website and inserted a code that was designed to capture information entered during the checkout process'.

Orders placed as long ago as September may have been affected, which is when one customer who received the warning email from Missoma purchased a birthday present from the store.

Missoma raid: Meghan Markle wore several items of jewellery from Missoma during a trip to Chichester in October 2018

The email has been confirmed to be genuine and tells recipients that 'your personal information, which may include your name, address, email address, long card number and CVV number, could have been made vulnerable.

'As a precautionary measure we're reaching out to our customers who made a purchase via our website during the period that this malicious code may have been active.' 

RELATED ARTICLES Share this article Share 96 shares HOW THIS IS MONEY CAN HELP

Those who purchased items on a credit or debit card may have had details stolen by the cyber criminals, but those who paid through PayPal have been unaffected.

The jewellery seller did not confirm in its email the exact period over which the cyber attack took place, only that the issue 'has been resolved' after it called in 'external cyber forensic experts'.

The British-based brand has been worn by the likes of Dua Lipa and Margot Robbie, and has been particularly popular with Meghan Markle. 

The Duchess of Sussex was pictured in a bracelet and signet ring from Missoma during a visit to Chichester last October.

The store ran a 25 per cent Black Friday discount last month which meant you could potentially get hold of an 18 carat gold ring the Duchess had worn for £34.

It is not known if the detail-harvesting software was still in effect over the Black Friday weekend, which could have led to a large number of shoppers having their payment details stolen. 

She was pictured in a gold leaf bracelet and an £85 signet ring, and has been pictured in other items of jewellery from Missoma

What should those affected do?

In its email, Missoma told customers who may have been affected to contact their bank or card provider to tell them their card details may have been compromised.

One customer told This is Money that they phoned their credit card provider who said to veer on the side of caution and cancel the card. 

Missoma also said: 'To better support you, we are also offering you free credit monitoring, via our expert partners CyberScout. 

The brand also been worn by actress Margot Robbie, as well as the singer Dua Lipa

'Through this you will be able to receive regular alerts to notify you if there are significant changes on your credit report.'

It has set up a US helpline as well as a UK one, suggesting that customers have been around the world.

Jake Moore, a cybersecurity expert at anti-virus provider ESET, said: 'If you may have fallen victim to this attack, it would be a good idea to use the card monitoring service offered - or better still, cancel the card that was used.

'Once card information like this is stolen, it's a race against time for the criminals to start using it before the owner is notified and cancels it.'

The 18 carat gold ring worn by Meghan Markle for sale on Missoma's website for £85

What did Missoma say?

In its email, the brand told potentially affected customers: 'As soon as Missoma became aware of this, we immediately engaged external cyber forensic experts, who have now concluded their investigation into this criminal activity and the issue has been resolved.

'We have informed the relevant authorities and the Police via Action Fraud, as well as the Information Commissioner's Office, the UK's data protection authority.

'Our external cyber experts have also assisted us in further strengthening our systems.' 

This is Money asked Missoma if it could confirm the period over which the malicious software was in operation, but it did not detail the timeframe. 

It said: 'We can confirm that our website has been the target of a sophisticated security incident. The issue has now been resolved.

'This has only affected a small proportion of our customers, and we have already contacted all customers who may have been affected. 

'It is important to note that any customers who have not received an email from us, have no reason to be concerned.'