NOW: Pensions Limited has experienced a data breach. On 22nd December 2020, the pensions provider notified customers to let them know about the breach of their personal data. The breach happened between Friday 11 and Monday 14 December 2020.
In its email to customers, NOW: Pensions said that the data had been obtained by an unknown third party after one of its service partners unintentionally posted customer data online in a public software forum. While the data was visible only for a short time, it was copied by several unknown parties.
The data accessed includes customer names, email addresses, dates of birth and National Insurance numbers.
The incident has been reported to The Pensions Regulator and The Information Commissioner’s Office (ICO).
What should you do if your data was involved in the NOW: Pensions data breach?
In its email to customers, NOW: Pensions acknowledges that improper use of customer identity (based on the data taken) is possible. And, while it is taking steps to protect customers from harm, it could be too late.
As such, our data protection experts recommend the following steps:
- Contact your bank or credit card provider immediately if your financial data has been exposed
- Check all bills and emails for goods or services you have not ordered
- Check your bank account for unfamiliar transactions
- Alert your bank or credit card provider immediately if there is any suspicious activity
- Monitor your credit score for any unexpected dips
- Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
- Never provide your PIN or full password to anyone (even someone claiming to be from your bank)
- Never been pressured into moving money to another account for fraud reasons. A legitimate bank won’t ask you to do this.
- Follow the security instructions provided by NOW : Pensions
- Never automatically click on any suspicious links or downloads in emails or texts
- Don’t assume an email or phone call is authentic just because someone has your details
- Be careful who you trust – criminals often use scare tactics to try and trick you into revealing your security details
- Know that, even if you recognise a name or number, it might not be genuine
- Don’t be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot
- Never provide your full password, pin or security code to someone over the phone (or via message). If a bank believes a transaction has been fraudulent, they will not ask for this information to cancel the transaction
- Listen to your instincts and ask questions if something feels “off”
- Refuse requests for personal or financial information and stop discussions if you are at all unsure
- Contact your bank or financial service provider on a number you know and trust to check if a communication is genuine
- Be cautious of unsolicited communications that refer you to a web page asking for personal data
- Don’t accept friend requests from people you don’t know on social media
- Review your online privacy settings.
- Register with the Cifas protective registration service to slow down credit applications made in your name
- Change your passwords regularly and use a different password for every account (a password manager can help with this)
- Protect your devices with up to date internet security software.