I got today a nice email
"We regret to inform you that Vernons has suffered a security incident and some of your personal data has been revealed to an unauthorized person. "
Went into livechat this is what they told me :
This was an external intrusion using malicious software. Such intrusions effectively mean that they penetrated a system in such a way to go undetected by the various controls in place in accordance with existing practice and legal requirements. These cyber-attacks are unfortunately not uncommon in the online world. This is why we are working together with police authorities in order to detect the criminal or criminals that committed this and protect ourselves from further similar incidents. Unfortunately, we are not at liberty to disclose any further information as that would risk undermining the ongoing investigation.
As per PCI-DSS, we do not keep any CVV data, all credit card number are pseudonymised and the key encryption is held in a hardware security module. All payment details are stored separately to the data which has been compromised. Also, in order to access payment details additional verifications steps are necessary, and the unauthorised person was not able to perform these actions. Hence, our investigation has established with certainty that these have not been accessed by the unauthorised person.
Very Nice News Right? take care of your data folks!
"We regret to inform you that Vernons has suffered a security incident and some of your personal data has been revealed to an unauthorized person. "
Went into livechat this is what they told me :
This was an external intrusion using malicious software. Such intrusions effectively mean that they penetrated a system in such a way to go undetected by the various controls in place in accordance with existing practice and legal requirements. These cyber-attacks are unfortunately not uncommon in the online world. This is why we are working together with police authorities in order to detect the criminal or criminals that committed this and protect ourselves from further similar incidents. Unfortunately, we are not at liberty to disclose any further information as that would risk undermining the ongoing investigation.
As per PCI-DSS, we do not keep any CVV data, all credit card number are pseudonymised and the key encryption is held in a hardware security module. All payment details are stored separately to the data which has been compromised. Also, in order to access payment details additional verifications steps are necessary, and the unauthorised person was not able to perform these actions. Hence, our investigation has established with certainty that these have not been accessed by the unauthorised person.
Very Nice News Right? take care of your data folks!