• No, I'm fucked off because a bunch of my details have been compromised because of something they or one of their providers did and they're being cagey about calling it spam rather than a breach. You're legally obliged to report data breaches.

    Aha, I've just checked my email and it seems my pestering has got them to fess up to the breach.

  • "As I keep telling you, this is no normal spam or phishing email. This was sent to an email address I created explicitly for dealing with your company - look at the "+phd" on my PHD sales email.
    The dodgy email was sent to this email address and contained my name, address and phone number. This means the attackers have compromised your systems, your email sending systems or possibly your payment systems to extract this information.
    It is not information that could've just been harvested off the internet unless of course you had this information in some kind of publicly exposed form. So which is it? What other information of mine was compromised?

    You need to start reading this: https://ico.org.uk/for-organisations/guide-to-pecr/communications-networks-and-services/security-breaches/ get some data forensics done to find out what was compromised and stop with the "spam" story.

    I look forward to your response."


    Dear PHD Customer

    Unfortunately, as is increasingly common these days, PHD have been targeted by hackers. They have stolen some of our customers’ email and postal address (but NOT debit/credit card details).*

    They also targeted our website with a distributed denial-of-service attack.

    If you have received an email asking you to pay for postage to receive a free sleeping bag, DO NOT input your debit/credit card details. This is a phishing email intended to try to harvest your debit/credit card details.

    If you have inputted your debit/credit card details on the phishing website to try to claim the free sleeping bag, please contact your bank as soon as possible to tell them that your card details may have been stolen.

    We have already spoken with a security expert, the UK police and our web hosting company and are working hard to find out more about how this attack took place.

    The PHD Team

    [Apologies for cross-posting, but we wanted to make sure all our customers received the latest information on this attack as soon as possible]

    • We do not hold any of our customers’ debit/credit card details. All transactions are passed through our payment provider PayPoint.
About

Avatar for skinny @skinny started