Morrison More Breach - It's all the customer's fault!

Simon_Cox

You can opt to save all your points to your card, to use at a later date.
In fact Morrisons encourage users to do that.
Then they allow thieves to steal them all and blame you, the customer for their lack of security on their accounts

cookie0082

I like the blatant lies in their copy and paste reply stating that they frequently remind customers about account security, looked through a years worth of their monthly emails and no mention of account security.

Also stating that they take customer data security very seriously when they are the only reward card provider that don't require the customer to verify numbers from the card as well as provide the email and password. you can't afford to be that lazy with security its 2020.

I also don't get how they can say that no customer data has been lost due to these hacks. surely if they have accessed our accounts they have access to the address and phone numbers registered to the card.

Morrisons should have been warning all of its customers about this back when it first started over a year ago and they definitely should have upgraded their security since then. Hopefully action fraud, or whoever is in charge of dealing with these cases hold them to account for their negligence.

[Deleted User]

cookie0082 wrote: »

I also don't get how they can say that no customer data has been lost due to these hacks. surely if they have accessed our accounts they have access to the address and phone numbers registered to the card.

Not necessarily. Unless you were the one who accessed the accounts, you have no way of knowing what was seen or taken, or how the fields were stored and encrypted.

Widgetgirl

Morning, RIP of Britain are now looking into this

Widgetgirl

Rip off Britain are looking into this I emailed watch dog. I lost £10 redemmed in Bolton and I live on isle of wight.

SpanishBlue

I got this email from Morrisons today. Are they starting to feel the heat?


At Morrisons, we take the online security of our customers very seriously. There are some steps that you can take to ensure your data is safe online, and as such, we’d like to provide you with our advice for protecting your personal information.

We secure your account with an email and password. If you’ve used the same email address and password combination for more than one online account - for example, if both your Morrisons.com account and a separate online subscription service use the same log in details - we recommend that you change your passwords so you have one unique password per online account. You should also change your passwords if for any reason they’ve become accessible to anyone else.

If you use the same passwords on several accounts, then should any of your non-Morrisons online accounts be subject to an external data breach, fraudsters will be able to use the captured email and password combination on many different sites, across many different industries, to attempt account access.

Here is our guidance for creating secure online passwords:

1. You can use the site haveibeenpwned.com to check whether your email has been breached elsewhere on the internet. If your email has been breached on any site listed, change that password as soon as you can.
2. Use a different password for each website that you use.
3. Keep your password secret - even from us. We will never ask you to share your password with us.
4. Ensure the password is at least 8 characters in length and uses at least one capital letter and one number or a special character.

If you have any queries, feel free to get in touch with us.

Thank you,
Your Morrisons Team

DCFC79

Widgetgirl wrote: »

Rip off Britain are looking into this I emailed watch dog. I lost £10 redemmed in Bolton and I live on isle of wight.

Was your password the same as with other websites you have to login ?

Simon_Cox

So, it's almost March. Morrisons continue to blame customers and stubbornly refuse to take any responsibility or tighten up their 1980s style security.
Still no need for any more than a 5 character password (abcde will do just fine), still no option for 2 factor authentication, the More app still stays logged in when you change password or even change your More card. The theft of points is still happening, and more crucially, nobody seems to be getting hacked on any other sites - just Morrisons site. That blows away their insistence that the thefts are due to customers using the same email address / password across multiple sites.
Judgement by the Supreme Court is still awaited from the Nov 2019 final appeal of their massive payroll breach.
Other than completely boycott the stores of this lazy and complacent company, which many of us are doing, we can only hope that they get completely clobbered for the breach that they have been found guilty of and further hope that it's then exposed that the points thefts are indeed another breach by this awful company that neither seem to give a stuff about their customers or the security of their data.

splatt30

Just opened my More app to discover that £10 worth of points were 'loaded to card' and spent in a town, I don't even know where today. Quick google search shows this numerous people with similar issues. No contact details on their website. Have sent a Facebook message but don't hold out much hope. Have switched preference back to them printing a voucher off for me everytime I hit 5000 points and changed password on their website. Anyone else had the same? Any sugestions?

Cornucopia

I would strongly suggest that people do not keep large amounts of credit on their loyalty cards - the system security just isn't there.

If you want to save for something special:   cash the credit as it becomes available for spending, and put the equivalent amount into a bank/building society account where you can rely upon the security features and also the compensation arrangements.