Today, it was revealed that Fortnum & Mason, the British retail behemoth, has been the most recent victim of a major data hack.
The personal information of around 23,000 customers is left at stake after these were exposed through a partnership that the firm had established with Typeform, a survey company, for its food and drink awards.
Specifically, the people who voted through Typeform in the TV Personality of the Year category of the store could have had their personal data hacked. The data involved reportedly includes their name, home and email addresses, and their social media handles.
A statement that was released by Fortnum & Mason said: “At 17.26pm on Friday 29 June, Typeform, a company that provides services that we have used in the past to collect survey responses and voting preferences, notified us that they had suffered a data breach and unfortunately some of our data had been compromised.”
It added: “The data of approximately 23,000 competition and survey participants who inputted into a Typeform form has been involved in this breach. For the majority of people, only the email address has been exposed. For a smaller proportion of customers, other data such as address, contact number and social handle has been included. These forms did not request bank or payment details, or require passwords.”
The firm said that no financial information has been accessed as an outcome of the hack, and the database and website of Fortnum and Masons remains unaffected.
The retailer has now discontinued any ties that they have with Typeform, taking down all forms that were powered by the tech firm until an improvement in their security measures will be made. Fortnum and Masons further said that the root cause that was identified by Typeform as the “window” of the hackers has now been fixed. It said that forensic investigations are ongoing.
It is understood that other firms may have also been affected by the Typeform hack. The clients of Typeform include Uber, Nike, Airbnb, and Apple. Monzo, a digital bank, said that approximately 20,000 of its users have also been affected. It said, however, that all financial information has been kept safe.
The majority of the information that were leaked were email address leaks (19,213 customers), with the next largest leak being the name and postcode of a user’s old bank (1,600).
The news arrives days after Ticketmaster, a ticketing site, suffered a similar data breach at the hands of Inbenta, its third-party customer service site. The users of Monzo were also affected by the said hack. The data breach happened last April. It forced the bank to re-issue more than 6,000 new debit cards to its customers.