Cyber Security – Recent Events Spark Concern

Recent headlines have made for uneasy reading!

M&S and Co-op customers have fallen victim to a recent data breach. M&S had to halt its online ordering system on April 22nd following the incident, but quickly assured customers that no immediate action was required on their part.

It transpired, however, that hackers may have pilfered personal details from customers during the breach, potentially including contact details. On May 2nd, a Co-op spokesperson disclosed that they were still facing attacks.

“We are continuing to experience sustained malicious attempts by hackers to access our systems. This is a highly complex situation, which we continue to investigate in conjunction with the NCSC and the NCA.”
Spokesperson for Co-op

You can find Co-op's full statement here.

M&S released an update on their main website with the following:

“As we continue to manage the current cyber incident, we have written to customers to let them know that unfortunately the nature of the incident means some personal customer data has been taken.”
M&S Help and Support, Cyber Incident Update

M&S's full statement is available here.

It is reported that the same cybercriminals have taken responsibility for both attacks.

Corporate e-mail addresses, as well as private ones, are often used to register with online retailers. Whether the account was set up to get a discount or simply for convenience, your corporate e-mail infrastructure may now be in the crosshairs of nefarious entities.

In response to these events, we’d like to offer assistance for businesses to check if their data has been compromised and to advise on what actions to take. If you’ve noticed an increase in SPAM e-mail recently, we can help determine if your e-mail address (or one from within your organisation) was involved in a data breach, including the most recent ones at M&S and Co-op.

Digitrol can check an e-mail address against a database of username and password combinations from public leaks. These are taken from publicly available breaches which can be found via various sites on the web or dark web. The database we use makes it easier to cross-reference each of these leaks without having to visit the sketchier parts of the web.

This will tell us whether your username or e-mail address has ever appeared in a leaked database. We can repeat this process to check multiple e-mail addresses or usernames, allowing us to determine which breach your e-mail address or username appears in!

We would strongly recommend this service be used for senior management e-mail addresses at the very least.

As you can imagine, collating and updating the database has taken considerable resources, so there is a charge, but it is less than you may think. This is charged per e-mail address, with a reduced fee for each subsequent address on the same domain. Please contact us for more information and up-to-date pricing.

My information has been stolen, what do I do?

Here is a 4-step process we recommend be carried out immediately. Each of the steps is very straightforward, but should you require a little help in getting these ticked off, we’re more than happy to advise you on how to get yourself secure.

1. It may seem obvious, but as soon as you suspect your data may have been compromised, change your passwords immediately. Use tools like password managers to assist in the process.

2. Most websites/systems allow the setup of two-factor authentication, meaning you need 2 forms of credentials to log in. This adds an extra level of security. The second factor can be anything from a trusted device popup to biometrics.

3. Most of the time, spam e-mails are sorted directly into a pre-created inbox. Whilst this can occur in error, be careful opening anything that has ended up here, especially if you were not expecting the e-mail.

4. Where possible, use the inbuilt spam filters available through e-mail providers. Some mobile phones can also filter suspected spam callers, should you believe your contact number has been compromised.

The final thing we recommend, which might sound counterintuitive, is to not click on any “Unsubscribe” links within any SPAM e-mail. Doing so will flag your e-mail address as active, and you’re likely to receive even more SPAM as your address will be registered as legitimate.