Investigators are racing to establish whether the intruder who hacked into a server at Gloucester-based web host Fasthosts stole banking information.
The breach was revealed yesterday. Fasthosts has told customers to change all their passwords, which were not encrypted.
Fasthosts has not revealed whether the attacker gained access to credit card and banking information, either belonging to its customers, or customers of the websites it hosts. It said it did not want to risk prejudicing the police inquiry.
Fasthosts added: "Since detecting the intrusion, Fasthosts has and continues to work with the credit card bodies to flag up that a network intrusion has occurred. If there is any risk to customers' payment details, customers will be contacted by their bank or credit card company directly."
Gloucestershire police said this morning that the hack is being investigated by the High Tech Crime Unit. More details are expected to be released as the investigation proceeds, it added.
Visa told The Reg it is aware of the breach and is working with card issuers to investigate whether their customers are affected. ®