Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@.

Search
  • FIRST POST
    • quaybab
    • By quaybab 4th Nov 13, 4:19 PM
    • 85Posts
    • 16Thanks
    quaybab
    Santander data leak or address book assault ? AKA Direct Debiting Seminar Invite.
    • #1
    • 4th Nov 13, 4:19 PM
    Santander data leak or address book assault ? AKA Direct Debiting Seminar Invite. 4th Nov 13 at 4:19 PM
    Received a number of messages to disposable email addresses used with Santander, subsidiaries and previous successful acquisition targets titled "Direct Debiting Seminar Invite". Message originates from a US IP and the body mentions Natwest and the zip attachment is allegedly a trojan.

    By the looks of it, it is a leak of old data, stolen HD etc.
Page 3
  • Money-Saving-King
    NO it also refers to several Reg readers - Paul & Andrew. And it does link to this thread to offer further proof.

    A statement from Santander confirms that they are investigating a potential breach.
    Originally posted by block10
    It just seems funny it's only that and this thread. I wouldn't be surprised if one of thems the op & the other is also someone on this thread.
  • jamesd
    I wouldn't be surprised if one of thems the op & the other is also someone on this thread.
    Originally posted by Money-Saving-King
    Since I'm neither of those and am also affected using an address only ever supplied to A&L and hence to Santander you need another theory. In my case it's an email that claims to be from Fedex about a delivery and wanting me to verify my identity by visiting some web site that I've no intention of ever visiting.
    • Pound
    • By Pound 23rd Dec 13, 11:29 AM
    • 2,540 Posts
    • 1,222 Thanks
    Pound
    I wish i could find out who is leaking my mobile number to PPI and accident claim companies.

    • robatwork
    • By robatwork 23rd Dec 13, 2:46 PM
    • 3,360 Posts
    • 3,566 Thanks
    robatwork
    I wish i could find out who is leaking my mobile number to PPI and accident claim companies.
    Originally posted by Pound


    Probably nobody.


    My theory is they just start at 07000 000000 and work their way to 07999 999999.


    I guess they will hit yours at some point.
    • LardyCake
    • By LardyCake 7th Jan 14, 7:12 PM
    • 276 Posts
    • 131 Thanks
    LardyCake
    Like others on this thread I had the scam emails (caught in spam filter) sent to an email address used only for Santander.

    I got this genuine email from Santander today:

    ------------------------------------------------------------
    "Subject: email scam and advice if you're targeted

    Dear my correct name

    To make sure your personal details and computer aren't compromised, we wanted to make you aware of a significant email scam that's being received by some of our customers at the moment.

    How to recognise the email
    The email has an attachment which appears to be correspondence linked to the email.

    All official emails from us will address you by name. If an email that says it's from us doesn't do this, don't open any attachments within it.

    What does the attachment do if it's opened?
    It can install a virus which will encrypt your computer files and the files on your local network. Once encrypted, the computer will display a screen with a count down timer and ask for a ransom payment for the decryption key to allow you to access your files.


    What's being done about the email?
    The National Crime Agency's National Cyber Crime Unit (NCCU) is aware of the email and is working hard to trace the source. Until they do, this email has been assessed as a significant risk. Anyone who is infected with this malware should report it via www.actionfraud.police.uk

    What should I do if I get the email?
    Forward it to us at phishing@santander.co.uk

    If you open the attachment, the NCCU says it would never endorse paying the ransom and there's no guarantee the fraudsters would give you the decryption key. Instead you should:

    • help the NCCU find the source of the emails by reporting it at www.actionfraud.police.uk
    • disconnect the computer from the network
    • get your computer professionally cleaned.

    Some anti-virus companies will offer corrective software solutions but won't restore any encrypted files."

    Read more advice at getsafeonline.org.uk

    Other ways to protect yourself
    There are some preventative measures you can take to protect yourself.

    Update your anti-virus and operating system with the latest versions
    These will include any updates needed to protect you against new threats since the last time your software was installed.

    Back up your files regularly
    By preserving them off the network, they'll be safe if your computer does ever become infected.

    I have Trusteer Rapport. Will this protect me?
    Trusteer Rapport protects you against viruses that try to steal your banking log on details. This virus is different in that it doesn't steal anything but tries to hold you to ransom. As Trusteer Rapport isn't designed for this type of virus it doesn't protect you against it.

    Questions
    If you're unsure if an email is from us, or have any other questions about this issue, contact us on 0845 600 4388. Lines are open 7am to 11pm Monday to Saturday and 9am to 9pm Sunday.


    Yours sincerely

    Santander Customer Services"
    ------------------------------------------------------------

    Draw your own conclusions...
    • Pound
    • By Pound 7th Jan 14, 10:43 PM
    • 2,540 Posts
    • 1,222 Thanks
    Pound
    Probably nobody.


    My theory is they just start at 07000 000000 and work their way to 07999 999999.


    I guess they will hit yours at some point.
    Originally posted by robatwork
    But they know my name...

  • humptydumpty123
    Abbey National customer data leak
    I also just received spam email from the amusingly named Wankaner Valentino to a disposable email address I used for an abbey national account. They seemed to have my surname too (see below).

    Santander's email above says
    "All official emails from us will address you by name. If an email that says it's from us doesn't do this, don't open any attachments within it."
    Given that the leaked database includes surnames (and possibly more), that advice is woefully inadequate.

    ---------

    From: Wankaner Valentino [mailto:wankanerkvalentino@outlook.com]
    Sent: 24 January 2014 12:48
    To: <...>
    Subject: <my surname>

    Hello,
    Today our Company, MVL Company, is in need of sales representatives in United Kingdom.

    Our Company deals with designer goods and branded items. We've been providing our customers with exclusive products for more than five years, and we believe that the applicant for the position must have great communication skills, motivation, desire to earn money and will to go up the ladder. All charges related to this opening are covered by the Company. Your main duties include administrative support on orders and correspondence, controlling purchase orders and expense reports.

    Part-time job salary constitutes 460GBP a week.
    Full-time job is up to 750GBP per week .
    Plus we have bonus system for the best workers!

    To apply for the vacancy or to get more details about it, please email us directly back to this email.

    Hope to hear from you soon!
    Best regards,
    Wankaner Valentino
    Last edited by humptydumpty123; 24-01-2014 at 2:01 PM. Reason: update
    • Stompa
    • By Stompa 24th Jan 14, 2:05 PM
    • 7,464 Posts
    • 3,596 Thanks
    Stompa
    I also just received spam email from the amusingly named Wankaner Valentino to a disposable email address I used for an abbey national account. They seemed to have my surname too (see below).
    Originally posted by humptydumpty123
    Hmmm, same email here this morning, though mine was from 'Aijian Tyesha'.
    Stompa
  • spatchcock
    {my name} New Role! Work Close to Home
    I just received two versions of the same spam message to two different 'disposable' addresses. One version was only ever supplied to Alliance and Leicester and the other was only ever supplied to Abbey. Obviously both of these accounts were eventually merged into Santander. The case couldn't be clearer! I've emailed phishing@santander.co.uk, but perhaps I won't hold my breath. Should I be making a compensation claim?
  • mynewaccount
    Since this afternoon I've received THREE copies of the "MVL Company" recruiting email, one sent to an email address I only gave to Alliance & Leicester, one sent to an email address I only gave to Cahoot, and one sent to an email address I only gave to Santander.

    Each email had my correct surname as the subject line.

    Santander have SERIOUS questions to answer - I'm surprised this thread has been running for so long. How come this isn't major news? It doesn't take a genius to work out what has happened here - so how many customers are affected and what other personal information has been taken? What is at risk?
  • itsbeenawhile
    Me too
    A email address I used for cahoot received the MVL spam, I raised it with cahoot who gave a 'not our fault' reply.

    A couple of hours later an email address I used for Abbey (and may well still use for Santander) received the same spam.

    No other matches. Both emails use my surname.

    The data has definitely been compromised.

    I suspect they already know and are trying to keep the lid on it.
    • Funkyfreddy
    • By Funkyfreddy 24th Jan 14, 9:36 PM
    • 304 Posts
    • 110 Thanks
    Funkyfreddy
    Since this afternoon I've received THREE copies of the "MVL Company" recruiting email, one sent to an email address I only gave to Alliance & Leicester, one sent to an email address I only gave to Cahoot, and one sent to an email address I only gave to Santander.

    Each email had my correct surname as the subject line.

    Santander have SERIOUS questions to answer - I'm surprised this thread has been running for so long. How come this isn't major news? It doesn't take a genius to work out what has happened here - so how many customers are affected and what other personal information has been taken? What is at risk?
    Originally posted by mynewaccount
    Likewise here, received the same genuine email from Santander a week or so ago as quoted by LardyCake - this morning received the same MVL offer !

    >From: Burgess Catomeris <burgesszsecatomeris@outlook.com>
    >To: <My Email Address with Santander>
    >Subject: <My Surname - no initials>

    I'd seen this thread when originally posted but until today not received anything. What additional information other than email contact has been compromised ?

    Needs a spotlight shone on it surely.

    FF
    • Chris2000
    • By Chris2000 25th Jan 14, 4:11 PM
    • 315 Posts
    • 89 Thanks
    Chris2000
    I've also had the Natwest Direct Debiting Seminar, Fedex etc. emails to my unique Santander email address but not my cahoot one.

    The data leak is relatively recent, I only registered that email domain in 2013.

    Someone at Santander must be taking this very seriously.
    • Lomcevak
    • By Lomcevak 25th Jan 14, 4:17 PM
    • 605 Posts
    • 3,737 Thanks
    Lomcevak
    Someone at Santander must be taking this very seriously.
    Well they refused to listen to my complaint, so not sure ... just denied everything and said that due to data protection they would not share my email details. Except they have...
    MFiT-T4#126, £135k to 60k: £23,965/£75,000(31.96%), 2016 MFW#12 £12,000/£12,000 (100.00%)
    £30k-in-’15#56 £31,845.60/£30,000 (106.15%)
    • bonzer
    • By bonzer 25th Jan 14, 5:02 PM
    • 399 Posts
    • 194 Thanks
    bonzer
    I received the "MVL Company" spam that contained my surname as the subject line. It was to a unique address only given to Santander (originally to Abbey). My surname does not feature in the e-mail address so they must have the associated names as well.

    There's a few people complaining about this on Santander's Facebook page:

    https://www.facebook.com/santanderuk?filter=2

    • Pound
    • By Pound 25th Jan 14, 6:33 PM
    • 2,540 Posts
    • 1,222 Thanks
    Pound
    I haven't had the MVL email but I got a couple others about a month ago, also sent to an address only used with Santander

    Update Your Natwest Account

    DHL.Inc: Delivery Status ID

    • handsoff
    • By handsoff 26th Jan 14, 8:49 AM
    • 7 Posts
    • 1 Thanks
    handsoff
    I received the MVL email yesterday to a disposable email I only used for Santander. It was registered on Santander from 7 July 13, when I opened my first account, to 7 Aug 13 when I changed to another email address. The old email was still active which is why the MVL email could be delivered. It addressed me by surname.
  • fandango99
    More Santander Data Breach
    I received a message yesterday purporting to be from HMRC, with a ZIP file containing a *.exe file.

    The address it went to was exclusively registered on santander.co.uk for online banking, no one else has that address and it is not set up on any e-mail client. The IP address the spam originated from seems to be set up on a server in Hanoi, Vietnam.

    Calling Santander to report this resulted in the usual blame shifting exercise, so reported it to National Crime Agency.

    I wonder how long it will take for Santander to take some action over this breach. Not holding my breath.

    Regards
    Karl
  • Uxb
    You could try the Information Commissioner.

    I suspect it will actually be one of Santander marketing partners rather than the bank itself where the leak has occurred.
    When we all get marketing and information emails from just about anyone it is never sent from the firms themselves. it will always be from some company acting on behalf of the firm sending out the stuff who do this as their business.

    Not that this exempts Santander at all, as it's their responsibility to ensure they and their partners/subcontractor handle all our data securely
    So it will only be the email address compromised - which is bad enough.
  • innovate
    Who has experienced what financial loss from these data leaks?

    Let's pool resources for a concerted complaint!

    please post the date and amount you lost in real money from your account, together with the email address of the scammer and the date of the scammer's email, and the crime reference number you got from the police or from Actionfraud.com.
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

700Posts Today

4,249Users online

Martin's Twitter