Asda says it has rectified several security website vulnerabilities that were identified by an information security consultant.
The consultant, Paul Moore, blogged on Monday that he contacted the supermarket group in March 2014 to report the “vulnerabilities” and despite a fix promised “in the next few weeks”, little appeared to have changed.
He wrote that two of the simplest and most prevalent problems allowed an attacker to “quickly and effectively” collect personal information and full payment details.
He wrote that it was difficult to know if details had been stolen unless the attacker used the information very shortly after the breach so that it was reasonable to assume a link between the two.
The Grocer understands that Asda has multiple layers of security in place on its grocery website and has recently added further protection.
Asda insiders insisted there was no evidence of any customer information being compromised as a result of the issues, and it believed there was no prospect of “a scale security breach”.
“Asda and Walmart take the security of our websites very seriously. We are aware of the issue and have implemented changes to improve the security on our website,” said an Asda spokesman.