Gift Card Website of Greene King compromised by the hackers

Greene King, Major pub chain of UK, had their gift card website (i.e. https://www.gkgiftcards.co.uk) compromised by the hackers. The company revealed that suspicious activity was detected on May 14, 2019, and personal data breach has been confirmed on the next day (i.e. on May 15, 2019). The restaurant, pub and hotel chain have informed their affected customers by email on May 28, 2019. The ICO (Information Commissioner's Office) has also been notified about the breach.

As per the breach notification email to its customers, "suspicious activity was discovered on 14th May and a security breach was confirmed on 15th May". The hackers behind this attack gained unauthorized access of the gift card website, and thus were successful in accessing the customers' information provided to Greene King at the time of gift card registration.

The customer information that was accessed by the hackers includes names, user IDs, email addresses, postcode, addresses, encrypted passwords, as well as the order numbers of gift card. However, payment information or bank details were not accessed in this breach.

The pub chain has not revealed any more details on how the passwords were "encrypted", but only said in their customer notification email that "whilst your password was encrypted, it may still be compromised".

Also, no details have been provided on how hackers were successful in compromising the gift card website of Greene King. Moreover, how many customer records were impacted in this data breach was also not disclosed yet.

Due to personal data breach, Greene King advises the customers to change password of Greene King account immediately by using a strong and unique password. The company also said that if anyone uses same credentials of Greene King on any app or other website, then password should be changed immediately there also.

Greene King further advises to remain on alert for the customised messages from the scammers, who may use the stolen personal information in order to try con you by letter, email (phishing), and phone (text & voice). The company also said that one may never reply, click on the links, or open attachments of any suspicious emails.

In breach notification email to the customers, Greene King said that "at this stage of our investigation, we have no evidence to suggest anyone affected by this incident has been a victim of fraud but we are continuing to monitor the situation".

» SPAMfighter News - 6/11/2019