A fake Google Analytics script could have stolen the information of anyone using the site between the 3rd and 8th of November. Sites in Ireland, the Netherlands, France, Spain, Italy and Belgium were also affected.

Fake Google Analytics script that was placed in the Vision Direct website's code could have stolen the details of thousands of customers' card information.

The payment card numbers, expiry dates, and CVV codes (the three digit number on the back of the card) of anyone that visited the site between the 3rd and the 8th of November could have been affected.

The BBC reported that 6,600 customers could have had their financial details exposed, while another 9,700 people had their personal information stolen, but not their card details.

In a statement on Vision Direct's website, it said that "the personal information was compromised when it was being entered into the site and includes full name, billing address, email address, password, telephone number and payment card information, including card number, expiry date and CVV."

"We understand that this incident will cause concern and inconvenience to our customers. We are contacting all affected customers to apologise."

A spokesperson said that "this particular breach is known as Shoplift and was already known to our technology team, who installed a patch provided by our web platform provider to prevent this form of malware."

"Unfortunately, this current incident appears to be a derivative against which the patch proved ineffective. We are continuing to investigate the breach and have made numerous steps to ensure this does not happen again."

Any users that logged in or updated their details on the Vision Direct website should contact their bank or credit card providers; because the hackers gained CVV codes, which are usually a good indication that someone has the physical payment card, it would be much easier for them to access bank accounts or make payments.

The company has said that customers who had used PayPal to make purchases should have their payment information secure, although their personal information could still have been compromised.