On 20th February 2020 there was a cyber-attack on the LOQBOX computer system. Following the attack, LOQBOX contacted customers to let them know that the company had been hacked and that as a result, some of their personal information may have been compromised. The information included in the LOQBOX data breach included:
- Customer names
- Postal addresses
- Dates of birth
- Email addresses
- Phone numbers
- Two digits of the bank account number used to make payments to LOQBOX
- Payment card expiry dates.
Customers are at risk following the LOQBOX data breach
A huge amount of personal and highly sensitive data was accessed during the LOQBOX data hack. And the damage that could be caused should this fall into the wrong hands should not be underestimated.
Indeed, while LOQBOX states that “this information on its own cannot be used to access your bank accounts or other accounts”, it does acknowledge that this data could be used for phishing scams.
Despite this, LOQBOX claimed that it could not contact users and let them know about the hack until it knew more about how people had been affected. So, it took over a week before many people found out that their data was at increased risk of being used in phishing scams.
In a statement, LOQBOX said:
“The simple reason it took the time it did to respond is that we had to get our response right. We had cyber-security experts going through our systems, almost immediately, in order to understand what happened and who had been affected, but this took time. We instructed a specialist law firm to make sure that we were compliant with all the relevant regulations. We also made sure that the Information Commissioner’s Office and the Financial Conduct Authority were informed about exactly how we were responding. We really wanted to let you know sooner but felt it would have been irresponsible to contact our customers with only a partial picture because you would not have known what measures you should take to protect yourselves”.
At Keller Lenkner UK, our experience is that any delay in contacting customers (and former customers) following a data hack, places them at increased risk of fraud and causes more long-term distress.
What is phishing?
This is where a fraudster poses as a legitimate organisation, the police, or someone else you trust to trick you into handing over sensitive information such as usernames and passwords.
Phishing scammers use emails, texts, websites, phone calls and social media to access your data, your computer, or your financial accounts. Typical phishing scams include:
- Where fraudsters contact you posing as your bank
- Where fraudsters contact you posing as a company (e.g. Microsoft) and encourage you to complete steps that let them gain access to your computer
- Where scammers send out an email from a service you use (e.g. PayPal, Google Drive, Dropbox, etc.). This link instructs you to click on a link which leads to a fake page that collects your login details
- Where you receive an email from a person or company you know and trust which includes your personal information and lures you into clicking on a malicious URL or email attachment
- Where scammers pretend to be from someone in the same company as you in a bid to steal the private data of your customers.
Ten steps to protect yourself following the LOQBOX data hack
Follow these tips on how to spot phishing attacks and prevent cybercriminals from stealing your information following the LOQBOX data breach.
- Contact your bank or credit card provider for advice on what to do. They will advise if any additional security measures should be implemented to protect your finances
- Contact your bank or credit card provider immediately if you spot any unfamiliar transactions or suspicious activity
- Keep an eye on your credit score for any unexpected dips and contact all the major credit reference agencies to ensure credit isn’t taken out in your name
- Beware of emails with poor spelling and grammar. This is one of the most common signs that an email isn’t legitimate. However, phishing scammers are getting more sophisticated, and sometimes it’s almost impossible to tell a fake email from a real one
- Rollover hypertext links (without clicking them), to see if the actual URL differs from the one displayed. You should also hover your mouse over the email address in the ‘from’ field to see if the website domain matches that of the organisation the email claims to be from
- Always question uninvited approaches (calls, emails, texts, letters, etc.) that ask you for further information in case it’s a scam. Don’t assume a communication is authentic. Just because someone knows your details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine. This also applies to any contact claiming to be from LOQBOX
- Understand that a legitimate bank or other financial organisation will never contact you ask for your PIN or full password or ask you to move money to another account for fraud reasons
- If you receive an email that looks in any way suspicious, never click to download the attachment, as it could be malware
- If you are concerned that your data might be at risk, there are some steps you can take to stop the threat from escalating. For example, you could register with the Cifas protective registration service. You should also change your passwords and make sure your devices are protected by up-to-date internet security software
- Be aware of common phishing techniques. For example, as well as those outlined above, if you receive an email informing you that you’ve won a prize (or the lottery) do not provide any personal information without checking that this is genuine. And do not respond to emails asking you to make a charitable donation. If you’d like to donate to a charity, do so by visiting their website directly.
If you are in any doubt, DO NOT click on any links, open any attachments or provide any information. Instead, you should go to the organisation’s website directly (not via the link provided in the communication) and contact them to make sure the email is legitimate.
Making a LOQBOX breach compensation claim
We have launched a group action against LOQBOX. Group actions can be a powerful tool and can have a bigger impact than a single claim.
If you are, or have ever been, a LOQBOX customer, you are affected by this cyber-attack and our group action can help. We can take on your claim on a no-win, no-fee basis.
JOIN THE KELLER LENKNER UK LOQBOX DATA BREACH GROUP ACTION TO GET THE JUSTICE YOU DESERVE.