Jewson Builders Merchants admits possible customer data breach

Builders Merchants chain Jewson has suffered a security breach that may have compromised customer data.

Affecting the Jewson Direct website only, the breach was discovered on 3 November 2017 and Jewson has been in touch with 1,659 customers who may have been affected.

It's unclear whether the breach has anything to do with the cyberattack on Jewson in June of this year, which was part of a wider attack that affected the NHS, Maersk and other large scale companies.

News site The Register appears to have broken the news, but Jewson now has a public statement on the breach.

The Saint Gobain-owned business has over 600 branches across the UK.

Full statement from Jewson

"The Jewson Direct website (formerly the Jewson Tools website at  www.jewsondirect.co.uk) has suffered a security breach and, as a result, customer data may have been compromised.

"The breach was discovered on 3 November 2017. On becoming aware of the breach, we have temporarily shut down the website www.jewsondirect.co.uk.

"We have notified 1,659 customers whose data may have been compromised and are offering free credit monitoring to those affected to help detect any potential misuse of data in the future.

"Only the Jewson Direct website was affected by the security breach.

"Our main website www.jewson.co.uk , our credit account customers and transactions across our branch network are not affected by the security breach and are operating normally.

"We have commissioned a forensic investigation into the breach using a specialist firm and the Jewson Direct (formerly the Jewson Tools website) will remain offline until the investigation has been completed.

"We sincerely apologise for the distress and inconvenience this security breach has caused to those customers affected."