The Hack Letter from mobiles.co.uk

crankup

[STRIKE][/STRIKE]Important message from Mobiles.co.uk

Dear Customer,

I am writing to you as a precaution after we discovered on the 5th of August that some of our IT systems had been subjected to a sophisticated cyber attack.

We immediately took action to secure these systems and launched a full investigation with a leading cyber security firm to help us understand the impact of this attack. Our investigation is still going on.

At this stage, our investigation indicates that some of the data held on our systems has been accessed and this may include some of your personal details, including your name, address, date of birth, bank and encrypted credit card details.

We take the security of your data extremely seriously, and we have put in place additional security measures to prevent further attacks. Nevertheless, we felt it was important to let you know as soon as possible.

To reduce the risk of fraudulent activity, we strongly advise you to notify your bank and credit card company. We also recommend that you take the following steps:

• Check for suspicious or unexpected online or account activity
• Be wary of anyone calling asking for personal information, bank details or passwords
• You can check your credit rating make sure no one has applied for credit in your name. You can do this by visiting Experian or Equifax

If you think you have been a victim of fraud you should report it to Action Fraud, the UK's national fraud and internet crime reporting centre, on 0300 123 2040.

I appreciate that this is potentially concerning for you and I am very sorry that this attack on us has caused this inconvenience.

Yours sincerely

Bobbie Bhogal
Managing Director


Look at all things YOU can do because of THEIR massive !!!!-up.

Also see what Talk Talk have to say about the passwords that they store:-
https://twitter.com/TalkTalkCare/status/630093277144948736

They are in clear text. No need for a "sophisticated" hack then!

Anyone got a contact for our Bobbie Bhogal? Direct phone or proper email address? I'd like them to pay for Experian access for all of us. And compensate us for the hassle of cancelling credit cards.
Also explain why they are storing bank and CC details after the transacations are completed.

In the meantime, dont forget to have strong passwords everyone.....unless you have a TT/CPW-related account in which case it means nothing due to their cheap, unmaintained IT infrastructure.

"We immediately took action to secure these systems" - ie turned them off. Installed the hotfixes that hadn't been done [STRIKE]in a few months[/STRIKE] ever .....jokers...:mad:

AdamM

One thing I am interested to find out is whether this is considered a breach of contract on their part, therefore allowing those effected to cancel without penalty?

I for one want to sever all ties to a company that unsuccessfully keeps my details, which in reality they shouldn't really need to keep in the first place

mobilejunkie

Nonsense. Has nothing whatever to do with the network contract.

agarnett

mobilejunkie wrote: »

Nonsense. Has nothing whatever to do with the network contract.

And you can can qualify your rather rash assertion, can you?

This is a bloody serious breach of trust which has caused enormous as yet untold risk for hundreds of thousands of people - this isn't just restricted to mobiles.co.uk customers - it's Talk Talk landline customers, Talkmobile customers, and it affects especially the elderly who have never changed their bank accounts since the year dot. For some ridiculous reason, this shoestring budget telecoms company that never grew up but the founder got a knighthood for being quick on his feet, was illegally storing irrelevant data such as "time with bank", and too much other CRA obtained data which might even be enough for the perps to hack into the CRA records too. What sh|ts. They didn't even disclose this in their letter.

Silk

agarnett wrote: »

And you can can qualify your rather rash assertion, can you?

He doesn't need to ...mobiles.co.uk are third party sellers, the contract is with the Network NOT mobiles.co.uk.
So why should a Network cancel a contract because some sales company has been hacked ?

mobilejunkie

agarnett wrote: »

And you can can qualify your rather rash assertion, can you?

This is a bloody serious breach of trust which has caused enormous as yet untold risk for hundreds of thousands of people - this isn't just restricted to mobiles.co.uk customers - it's Talk Talk landline customers, Talkmobile customers, and it affects especially the elderly who have never changed their bank accounts since the year dot. For some ridiculous reason, this shoestring budget telecoms company that never grew up but the founder got a knighthood for being quick on his feet, was illegally storing irrelevant data such as "time with bank", and too much other CRA obtained data which might even be enough for the perps to hack into the CRA records too. What sh|ts. They didn't even disclose this in their letter.

A typical rant from someone who panicks and has no understanding of how companies or contracts work.

I am one of those affected - several times over - but it wouldn't stop me ordering again. If you are frightened of personal details being hacked from ANY company stop using the internet and abandon plastic. You will still be at risk to some degree even then.

agarnett

He doesn't need to ...mobiles.co.uk are third party sellers, the contract is with the Network NOT mobiles.co.uk.
So why should a Network cancel a contract because some sales company has been hacked ?

"Some sales company"? Would that be just one entity that sells smartphones to not so smart posters on MSE and the country generally?

Who d'ya think set up mobiles.co.uk ? Methinks mobiles.co.uk = CarPhone Warehouse.

Why do I know this off the top of my head (just now Googled to make sure) but you don't, Silk ?

No matter who the network is, the network is one entity that no doubt agreed that their airtime selling agent should conduct credit searches as part of the setting up of contracts, and apparently to then store that CRA acquired data willy-nilly. They're all in it together, see ...

Now my contract with them only costs only £1 per month so I shan't be taking it back anytime soon, but if I was a new customer I'd be thinking of telling them where to shove their shiney 5.5". As for my elderly parents on a TalkTalk landline contract, I really don't know what I can do. My parents simply do not understand how data breaches like this make them vulnerable. They are never going to change their bank details or their phone company at their time of life. But they'll likely get calls now from a new bunch of well informed fraudsters, won't they?

What are CarPhone Warehouse and the beloved "networks" going to do to prevent that? Hire someone to sit by the phone with my parents 24/7 and hold their hand when these fraudsters call?


Big picture people, big picture - isn't that what your 5.5" are really for ?

Me - I am still using my trusty iPhone 4, but it keeps me mostly up to date with the workings of this world!

And mobilejunkie, get your head out of your mobile screen and get wised up properly, please. I've been dealing in all manner of small print rather too many years to willingly let some restricted exposure (still-wet-behind-the-ears) twerp suggest my thoughts on this matter are invalid.

zaax

As they have the bank and credit card details on-hand then they should be informing the banks directly. I cannot see any excuse for them not to.

agarnett

zaax wrote: »

As they have the bank and credit card details on-hand then they should be informing the banks directly. I cannot see any excuse for them not to.

I agree. And the banks should then manage the security issues and charge the cost back to CPW and the networks. However, this isn't just names and addresses and matched bank account numbers. This is serious historical CRA type data of the type used to verify identity e.g. how long have you been at your current address? What are your previous addresses? How long have you been with your bank?

From the TalkTalk website:

Carphone Warehouse is still investigating the exact circumstances of the attack, and at the moment we cannot say for certain that this data has been accessed. The customer data held by Carphone Warehouse was:

Personal details
Title
First Name
Last Name
Marital Status
Date of Birth
Address details
Address
Residential status
Years/months at address
Previous address
Previous residential status
Years/months at previous address
Delivery address
Contact details
Home phone
Daytime phone
Email
Bank details
Bank account number and sort code
Years/months at bank
Occupational details
Occupational status
Years/months in current job
Account details
Created date
TalkTalk account ID
TalkTalk customer ID
TalkTalk landline number
Accept threshold

What the hell were they thinking of to think they were legally permitted to store the CRA data alongside their own?

mobilejunkie

Stand for Parliament and change the law if enough sheep vote for your rants.

Meanwhile don't wait until you find a reason to rant before bothering to find out who you're buying from. You obviously also don't know Silk's pedigree if you believe that he doesn't know who operates Mobiles.co. Methinks your parents' ignorance is more admirable than your own crusade.

Double_V

So all our details are stored on their website ?
How come.
It was only their website that was under DDoS attack. ?