Carpet retailer Carpetright has confirmed that it has been the victim of a cyber attack in the UK, adding to its recent attack in Europe.

The attack is understood to be a malware breach to gain authorised access to customer data. However, the retailer said that its network was taken offline, insisting that the virus was isolated before any data breach.

A note on Carpetright’s website and social channels states: “We’ve suffered a few tech problems this week. As a thank you for your patience, we’re offering an extra 10% off all orders, made in store before Friday 26th April.”

It is understood that staff and hundreds of customers were affected by the attack with some employees reportedly unable access their payroll information.  

A statement from Carpetright apologised for “any inconvenience caused”, adding that it was “unaware of customer or colleague data being impacted” and that it is “testing and resetting systems”, with “investigations ongoing”.

Earlier this year, the retailer suffered a data breach within its Netherlands division as well as in Belgium where hashed passwords may have been stolen.

As a precaution to that breach, the retailer reset all passwords following and engaged with security company NFIR to launch a forensic investigation into the attack and to determine whether any data has been downloaded.

Carpetright said the breach took place on 19 February 2024 on the back-end of its website, which was infected with unknown malware. Information including customer names, addresses and contact details are at risk following the breach, which could include 30,000 Carpetright account holders.

The retailer added that payment details were not in database that was impacted and has reported the incident to both the Dutch Data Protection Authority and the Belgian Data Protection Authority.