Classic Football Shirts warns customers of scam

By Beth Timmins
BBC News

Published
image copyrightGetty Images

A firm selling retro football team shirts and merchandise has apologised to customers after a cyber-security attack accessed their data.

Classic Football Shirts said customers' details had been accessed through one of its third party providers' systems.

Some customers complained of receiving emails offering cashback on their previous orders.

The firm is now telling customers not to follow the link if they have received the cashback phishing email.

Classic Football Shirts said it became aware of the cashback emails at 20:30 on Thursday night - half an hour after they were sent.

The firm believes password data and payment information has not been compromised.

But in a Twitter post, the company urged customers to be "vigilant" and contact their bank to cancel their cards if they supplied their card information on the link from the cashback form.

image copyrightGetty Images

The clothes business said payment information was "never stored on their system" and apologised for the "inconvenience caused".

But many customers commented with concern that scammers were able to access their names, addresses, email addresses and order history.

The BBC is not responsible for the content of external sites.View original tweet on Twitter

Some customers commented that they became aware it was a phishing email after noticing an extra "s" in the email address:@classicsfootballshirts.co.uk

Others, after placing an order had noticed that the email offering cashback was from orders@classicsfootballshirts.co.uk rather than classicfootballshirts.co.uk.

One customer, Fernando Paredes, told the BBC he saw that $700 (£504) was taken from his account. He cancelled the credit card and his bank is investigating the transaction.

Mr Paredes bought a football shirt from the online store on 14 March to be shipped to his address in Peru. He says received the phishing email and did not notice the extra "s".

"The company did well making a statement about the breach," he adds, but says he is still "concerned about the third party provider's systems".

Customers also commented that it was "unprofessional" and that they were "worried" that their information was not properly protected.

The BBC is not responsible for the content of external sites.View original tweet on Twitter

Classic Football Shirts did not immediately respond to the BBC with an estimate of how many customers had been affected.

The Manchester-based firm was started in 2006 by two students. Its website says it has the world's largest collection of football shirts, with a product range of 30,000 individual items and more than 500,000 units available in stock.

More on this story