Major UK pub chain, Greene King, has disclosed a data breach on its card gift website https[:]//www[.]gkgiftcards[.]co[.]uk. The incident has resulted in the compromise of personal details of customers.
In a breach notification, the firm revealed that it detected the breach on May 14, 2019. The hackers behind the attack had gained unauthorized access to the website and were able to access customers’ sensitive details.
What data was involved?
The compromised information includes names, email addresses, user IDs, encrypted passwords, addresses, postcode, and gift card order numbers of customers.
However, no bank details or payment information were accessed in the breach.
“Suspicious activity was discovered on 14th May and a security breach was confirmed on 15th May. No bank details or payment information were accessed. However, the information you provided to us as part of your gift card registration was accessed. Specifically, the hackers were able to access your name, email address, user ID, encrypted password, address, postcode and gift card order number. Whilst your password was encrypted, it may still be compromised,” said the firm in its notification, Security Boulevard reported.
What has been done?
While the number of impacted users is unknown, the firm has begun taking appropriate security measures to secure users’ data. It has also notified Information Commissioner’s Office (ICO) as well as its customers about the breach.