Staysure, a UK based Insurance company has suffered a massive data breach. More than 93,000 customers' sensitive financial data may have been compromised by unknown hackers.
We became aware of the problem on November 14, and quickly informed the relevant card issuing bodies and subsequently The Financial Conduct Authority, the Information Commissioner’s Office and the Police.
The company notified that their systems have suffered cyber attack during the second half of October 2013 and Customers' Data including names, addresses, payment card details and CVV numbers has stolen.
In that attack, encrypted payment card details of customers who purchased insurance from us before May 2012 were stolen, along with CVV details and customer names and addresses. From May 2012 we ceased to store this data.
Credit card details were encrypted, but the CVV number was in the clear text, which is not good. Now this is not confirmed that their encryption implementation was secure or not. However if the payment card number is encrypted, then a hacker couldn’t get the encrypted card number back so they couldn’t use the CVV number anyway.
We immediately removed the software and systems that the attackers exploited, and we are confident that we are taking the right steps to protect our customers in the future.Now any affected customers are being given free access to an identity monitoring service. The company has hired an Independent forensic data experts to fully ascertain the problem.