Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Shop online with Asda? Your personal details were left exposed

You might trust Asda to give you savings on groceries, but do you trust it with cybersecurity?

A vulnerability on Asda’s website left countless customers’ personal data exposed.

The flaw was spotted by security expert Paul Moore, who says that because Asda currently processes north of 200,000 online orders each week, over 19 million transactions could have been at risk.

Moore says he first spotted the problem as far back as March 2014, and let Walmart-owned Asda know about the issue.

He outlines the problem in a YouTube video below:

(YouTube)iaMOhbzYWAw(/YouTube)

At the time of posting the video, Moore said: “677 days after notifying Asda of several serious security flaws, they’re yet to deploy a fix.”

In response to the relevation, Asda told the BBC: “Asda and Walmart take the security of our websites very seriously. We are aware of the issue and have implemented changes to improve the security on our website.”

It continued: “The points flagged pose a low risk to customers and our monitoring of these security issues indicate that no customer information has been compromised over that two-year period.”

The firm added: “The small risk to customer information has been removed and an update has been applied, we’re now adding further enhancements which will be completed by this evening. In short, one of the two issues is fixed but nothing that remains poses any risk to any customer information or card details.”

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have 9 million users a month around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.