THE country’s biggest double glazing installer has been hit by a cyber attack as spies warn of a threat from Russian hackers linked to fears of military action against Ukraine.

Safestyle UK – known for its ‘You buy one, you get one free’ advertising campaign – is understood to have been targeted in a ‘ransomware’ attack.

Hackers, suspected of being from Russia, stole as many as 400,000 customer details, sources said, and threatened to sell the data on the dark web unless the firm handed over £4million in Bitcoin, the cryptocurrency.

The information is thought to include names, email addresses and phone numbers. Safestyle said it was working with police and regulators as it investigated a ‘cyber-incident’. It stressed that customers’ financial details were not compromised.

The Bradford-based company took part of its website and IT system offline, leaving angry customers taking to social media to demand to know when their windows would be delivered.

Jake Moore, of ESET, a cyber security firm, said that ransomware attacks had surged during the

‘A lucrative activity for such gangs’

pandemic. ‘Online retailers are attractive to cybercriminals because they have highly sensitive data about customers,’ he said. ‘Companies being held to ransom are also losing revenue because systems are down, so they have to decide quickly what the least worst option is. Often, that is to pay up.

‘Unfortunately it means it is a lucrative activity for such gangs.’ Mr Moore said firms could reduce risks with better IT security and by asking staff not to open links or attachments on emails from senders they do not trust.

Police can find hunting down the hackers almost impossible as ransom payments made in cryptocurrency leave no electronic trace.

Angry Safestyle UK customers began complaining about being unable to contact the company at the start of the week, with one saying he had ‘spent the last 24 hours plus calling and emailing and getting no replies’.

A company source said that staff had ‘no emails, their phones aren’t working and it’s been like that for three or four days’.

Safestyle could be fined up to £17.5million from the Information Commissioner’s Office (ICO) for the data breach, but experts said that the regulator would be ‘lenient’ if criminals were to blame.

The attack comes after the National Cyber Security Centre – part of GCHQ – warned yesterday that ‘malicious cyber incidents in Ukraine’ could have an impact in the UK.