What information was stolen in the LOQBOX data hack?

Hackers Screen
Share on facebook
Share on twitter
Share on linkedin

The information stolen in the LOQBOX Data Hack includes

  • Customer names
  • Postal addresses
  • Dates of birth
  • Email addresses
  • Phone numbers
  • Two digits of the bank account number used to make payments to LOQBOX
  • Payment card expiry dates.

The first six and last four digits of customer card numbers may also be at risk. This information is very valuable to cybercriminals. For example, the first six digits identify the financial provider. This information is often used in phishing scams (see more on this below).

LOQBOX funds have not been affected by this data breach.

What can cybercriminals do with this data?

LOQBOX states that “this information on its own cannot be used to access your bank accounts or other accounts”. However, the Fintech does acknowledge that this data could be used for phishing scams.

Phishing is where a fraudster poses as a legitimate organisation, your bank, the police, or someone else you trust to trick you into handing over sensitive information such as usernames and passwords.

Phishing scams can lead to your personal and sensitive data getting into the wrong hands. In the worst cases, this can lead to you falling victim to financial fraud and identity theft.

Phishing scammers use emails, texts, websites, phone calls and social media to access your data, your computer, or your financial accounts. Their ultimate goal is to steal your money and/or personal information (to commit identity or financial fraud).

Typical phishing scams include:

  • Where fraudsters contact you posing as your bank to trick you into giving them sensitive financial data
  • Where fraudsters contact you posing as a company (e.g. LOQBOX) and encourage you to hand over sensitive information (e.g. passwords)
  • Where scammers send out an email with a fraudulent link. This email instructs you to click on a link which leads to a fake page that collects more of your sensitive data
  • Where you receive an email from a person or company you know and trust which includes your personal information and lures you into clicking on a malicious URL or email attachment.

You can find out more about Phishing here.

Dealing with hundreds of different types of data breach cases, one thing that has become apparent to our solicitors is that the full impact is often not felt until many months after the initial violation, this is often because the data stolen is used in batches over time.

There was a delay in letting customers know that LOQBOX had been hacked and that personal information had been compromised. This placed people at increased risk of fraud and might have caused more long-term distress.

What’s more, many clients involved in phishing cases go on to suffer from distress and/or psychological trauma as a result of having their details stolen and used in fraudulent activity.

Make a LOQBOX data breach compensation claim

LOQBOX has told customers it is not currently offering compensation for the loss of personal data. Although it did say it was “extremely sorry”.

Keller Lenkner UK has launched a group action against LOQBOX. Group actions can be a powerful tool and can have a bigger impact than a single claim.


Contact Keller Lenkner UK’s expert data breach lawyers to discuss the LOQBOX data breach.

Share this article:

Share on facebook
Share on twitter
Share on linkedin