Nearly 100,000 customers of Staysure have had their personal details compromised after the travel insurance company suffered a cyber attack towards the end of last year.
Card payment details of customers who purchased insurance from Staysure before May 2012 were stolen, including CVV details (the three digit number on the back of a card required to make purchases) and customer names and addresses.
From May 2012 Staysure no longer stored this type of data.
Although the attack took place during October 2013, the company only became aware of the problem on 14th November and only wrote to customers impacted by the problem in December.
The Financial Conduct Authority, the Information Commissioner's Office and Police have all been informed of the breach.
"We immediately hired independent forensic data experts to fully ascertain the extent of the problem and have written to 93,389 affected customers, which represents fewer than 7 percent of our customer base, to warn them and ask them to check that they have not been the victims of any fraud as a result," said Ryan Howsam, chief executive officer of Staysure.
The company has offered affected customers free access to Data Patrol, an identity fraud monitoring service provided by Experian.
"We continue to work with those groups and independent security experts. We immediately removed the software and systems that the attackers exploited, and we are confident that we have taken the right steps to protect our customers in the future," said Howsam.
"We are deeply sorry that this has happened and are working diligently to make sure that inconvenience to customers is minimised."
This breach is the latest in a string of cyber attacks against firms holding customer data, where most recently a leading loyalty card provider based in Ireland suffered an attack that potentially impacted thousands of customers.
Sign up for CIO Asia eNewsletters.