PDA

View Full Version : Force 4 data breach


Squeegee Longtail
28th Sep 2018, 12:56
Having been a potential victim with BA recently, I have received this today from a small (ish) boat chandlery.
Is this stuff widespread all of a sudden, or are they only now reporting it due to the new data protection laws?
its a right pain in the backside either way.

https://gallery.mailchimp.com/6ae78520b0da88cc8b64bb202/images/c8687075-e71a-44c3-87c0-f003f884407c.jpg (https://force4.us13.list-manage.com/track/click?u=6ae78520b0da88cc8b64bb202&id=9b8f11e447&e=f16add1a27)

Dear (My name)

It is with great regret that I email you today to inform you of a potential breach of data on our website, on any orders made between 09:55 BST August 6th 2018 to 16:55 BST September 27th 2018.

The stolen data may have contained personal and financial data. If you believe you may have been affected we recommend you contact your bank or credit card provider immediately and follow their advice.

We understand this incident will cause concern and inconvenience, and we are truly sorry such an incident has occurred. We are still at the early stages of the investigation, it has been reported to the ICO and we are working with the relevant authorities.

Please be assured our website is now working normally.

It is our understanding PayPal transactions are not affected but we feel it would be prudent to update your passwords just in case.

Please make sure that you reset any shared passwords on other sites including our own. Our mail order team can help you with this on our website if needed.

Please be aware of potential phishing emails and do not respond to any emails identifying themselves as Force 4 asking for any bank details, we would never ask for them. Those emails should be reported to the police.

Our Mail Order team will help in any way they can but please be advised they do not know any more information at present that is not already in this email.

Kind regards,
Lawrence Parr
Managing Director
Force 4 Chandlery

Pontius Navigator
29th Sep 2018, 08:16
Is it a genuine letter from a firm you deal with? There is always a danger that the graphic contains a Trojan virus with a keyboard logger etc.

Eebygumcaptain
29th Sep 2018, 22:22
Iíve received the same email. Iíve been a Force4 customer for 10+ years and also made an order during this period so Iím potentially affected. It looks very genuine to me.

Iíve asked Force4 via twitter to confirm it is genuine.

Their website does not have any specific news section for press releases etc. Putting the email out on a Friday is a classic PR trick of getting it out below the radar.

Tbis looks to be a very similar to the BA breach in that the times of the breach are very specific. If your familiar with the BA breach, a law firm is taking up a class action.

Personally this is the third time in 12 months that Iíve been notified that my personal details have been comprised... and one of those was from a credit agency Equifax who admitted that I was a number of UK individuals who had their details stored offshore when their systems were breached.

Iíve worked in IT for 30 years, working for banks and government departments and aware of how these incidents happen and itís about time these companies were held to account.

Eebygumcaptain
1st Oct 2018, 10:53
Iíve had confirmation from @Force4Chandlery that the email re Ďpotential breach of data on their website, on any orders made between 09:55 BST August 6th 2018 to 16:55 BST September 27th 2018í is genuine.

Why no tweet, update on their website to alert customers?

@NCSC @ICOnews #force4databreach

BizJetJock
1st Oct 2018, 15:52
I got the same email, and was planning to check with them this morning when I got a text from my bank saying that they had been notified directly. That suggests it is genuine, but I cancelled the card with the bank myself as well just to be sure...