The latest to join the newest group of cyber attack victims is British retail behemoth Fortnum & Mason. The company faced a major data breach wherein personal information of around 23,000 customers might have been compromised. The leaked data may include name, email and home addresses, and social media handles of the users.
Apparently, most of the users who had participated in the online poll for TV personality of the year category at the store’s food and drink awards, hosted by specialist survey and voting company Typeform, are at risk. “At 17.26pm on Friday 29 June, Typeform, a company that provides services that we have used in the past to collect survey responses and voting preferences, notified us that they had suffered a data breach and unfortunately some of our data had been compromised,” said a statement from the company. “The data of approximately 23,000 competition and survey participants who inputted into a Typeform form has been involved in this breach. For the majority of people, only the email address has been exposed. For a smaller proportion of customers, other data such as address, contact number and the social handle has been included.”
On the brighter side, no financial data was compromised during the hack, “These forms did not request bank or payment details, or require passwords,” it said, due to which the website and database of the store remain unaffected.
The incident is the second major breach in a week following similar Ticketmaster hack, where hackers stole data from the website including payment information of several customers. The website issued an alert after noticing a malicious software on a customer support product hosted by its third-party, Inbenta Technologies. “As soon as we discovered the malicious software, we disabled the Inbenta product across all Ticketmaster websites,” stated the alert. Ibenta’s product runs on several Ticketmaster international websites like Ticketmaster International, Ticketmaster UK, GETMEIN! and TicketWeb. Data of users’ of these sites “may have been accessed by an unknown third party,” it said.