Grattan customers warned about phishing scam

24 February 2011

One of the wonderful HUKD team just got an email from Grattan, the catalogue people. It appears that Grattan customers have fallen foul of a phishing scam, so here's the heads-up for any of you who have been buying from them.

Basically, information that has been used to contact customers has been accessed by a third party.

This means your information is now floating around in bad people's hands. The information they have is your name, email address, gender and date of birth. The good news is that banking information, postal addresses, credit card details or account passwords were NOT held on the database breached.

If you want to read the full statement, click over the jump.

Dear Customer,

IMPORTANT: Internet Security Warning

This letter is important and requires your immediate attention.
Please read it carefully.

We have recently been informed by one of our service providers that information used to contact customers on our behalf has been improperly accessed by a third party. As a consequence of this attack, information relating to our shoppers was accessed using our service provider's computer systems. Limited information such as name, email address, gender and date of birth was included in the information that was accessed. Postal address information, required by those who commit credit fraud, was not amongst the affected data. Please be assured that at no time were our own computer systems accessed.

It is important to note that no banking information, postal addresses, credit card details or account passwords were held on the database concerned.

Immediate steps have been taken to prevent a reoccurrence and criminal investigations are ongoing.

We use this service provider to send emails to customers and prospective customers on our behalf. This attack involved data held on behalf of a number of internationally-known brand names which are based all over the world. Whilst the attack was not targeted at UK businesses, a number of UK firms have been affected, including Grattan.

It is not known how many such incidents there are globally but, as a responsible business, we expect our service providers to inform us in the event of a successful attack. We believe it is right to tell you when such an attack happens and to give practical guidance on how to protect yourself.

As a consequence of this, it is necessary to warn our customers of the potential risks they might face, and to help all our customers protect themselves in the future. Industry experts report that attacks such as the one we describe are becoming more frequent and increasingly sophisticated. “Phishing” or hoax emails to individuals are becoming increasingly commonplace. The individuals behind this type of criminal activity may try to obtain personal and credit or debit card details by impersonating well known brands. They may use illegally-obtained information to encourage future victims to disclose further information that will enable them to target, for example, their victim's bank account.

What do I need to do?

• Make sure your computer has current anti-virus and anti-spyware software.

• Ensure you have up to date firewall software.

• Always install the latest security upgrades.

• Carry out regular scans of your computer.

• Change your passwords regularly.

• Always be careful about disclosing your personal details.

• Visit our website and click on the "security" link. Full details are below.

• Be as well informed as you can be. Please see "Online Safety Advice", below.

• Above all, be vigilant. Provided you take simple steps to protect yourself, internet shopping is both convenient and safe.

Please be assured that we will never contact you or send emails asking you to provide personal information or to confirm your security details online. We would strongly advise you not to respond to any emails or websites that ask you to do so. If you are asked to do so by someone claiming to represent Grattan, it is not a legitimate request and you should not respond or provide any information to them. Please refer to the online safety advice, below.

Online Safety Advice

For advice on how to protect your identity online and to identify potentially fraudulent websites or emails we strongly recommend you visit Get Safe Online, a highly informative UK government-backed website with advice on what to do to avoid online fraud. Their website address is www.getsafeonline.org.

If you suspect that you have received a “phishing” or hoax email you should delete it immediately without responding.

If you have any concerns or questions please click on the “security” link on our homepage at www.grattan.co.uk and follow the link to “internet security” where you will find more information and frequently asked questions. If you don't find the answer to your question there, please do not hesitate to contact us free of charge on 0800 313 313*. Lines are open every day between 8am and 8pm. Please note this line is only open for enquiries about data security matters and will remain in place until the end of March 2011.

Your online security is important to all of us and Grattan is committed to the fight against online crime.

Yours sincerely,

John M Skews
Head of Security
Freemans Plc and Grattan Plc

*Calls are free from a BT landline. Calls from other network providers may vary.

Authorised and regulated by the Financial Services Authority


10 comments

  • Rich
    "The good news is that banking information, postal addresses, credit card details or account passwords were held on the database breached." Do you mean NOT held on?
  • GrumpyArse
    "The good news is that banking information, postal addresses, credit card details or account passwords were held on the database breached." You might want to change that sentence slightly to avoid a libel case! :o)
  • Andy D.
    Sorted - thanks eagle-eyed readers. Quite an important word in the grand scheme of things, no?
  • EveryCloudHasASilverLining
    Blow me, 2 mins after receiving that email from Grattan, I've been informed I've won an iPad from some company that seems vaguely familiar, maybe not. All I need to do is send my address details and the item will be here within 10 days. How lucky is that?
  • DragonChris
    Send them address of a local police station...
  • [email protected]
    DragonChris, Don't be silly, I want my winnings.
  • brian
    Freemans, Grattan, Littlewoods they were so 80's man. Online shopping is the new Grattan!
  • Natalie
    What I don't understand is that I closed my Freemans account over two years ago so why do they still have my details on file? I settled my account over two years ago and asked them to close it so I wouldn't have expected them to still be storing my details?
  • Security B.
    [...] information onto. That’s not the first time that’s happened in the last few weeks; Grattan sent a similar email to its customers warning them that their information had been compromised, also pointing the finger at a third party [...]
  • direct c.
    Hello there, You've performed a fantastic job. I'll certainly digg it and for my part suggest to my friends. I am sure they will be benefited from this site.
