Ernest Posted December 3, 2021 Report Share Posted December 3, 2021 Hi all Had a call from Barclays Bank today re. unusual acitivity on my debit card. Then an e.mail from Moss to say that their web-site had been harvested of about one week's worth of transaction detials - all detials of credit and debit cards. So, if you bought anything from Moss over the past week then best to check your debit card or credit card accounts. Moss say they are working to resolve the issue. I thought it best to share this just in case anyone does not access e.mails that often. Ernest Quote Link to post Share on other sites
Cotswoldiver Posted December 3, 2021 Report Share Posted December 3, 2021 1 hour ago, Ernest said: Hi all Had a call from Barclays Bank today re. unusual acitivity on my debit card. Then an e.mail from Moss to say that their web-site had been harvested of about one week's worth of transaction detials - all detials of credit and debit cards. So, if you bought anything from Moss over the past week then best to check your debit card or credit card accounts. Moss say they are working to resolve the issue. I thought it best to share this just in case anyone does not access e.mails that often. Ernest I had similar email from Moss this evening, looks like someone has well & truly hacked their website & have all the details they need to use your card. Really worth checking your account & informing your bank looks like a major data breach Quote Link to post Share on other sites
RobH Posted December 3, 2021 Report Share Posted December 3, 2021 That is a real drop-off by Moss. Any details they have should be encrypted, not stored as plain text. Quote Link to post Share on other sites
PodOne Posted December 3, 2021 Report Share Posted December 3, 2021 Hope its post 24th November will keep an eye on things regardless. Quote Link to post Share on other sites
Martin50 Posted December 3, 2021 Report Share Posted December 3, 2021 Is there any info on whether they have lost data held on accounts? I’m assuming a lot of folks will have accounts with Moss. Quote Link to post Share on other sites
BlueTR3A-5EKT Posted December 3, 2021 Report Share Posted December 3, 2021 2 hours ago, RobH said: That is a real drop-off by Moss. Any details they have should be encrypted, not stored as plain text. From the Moss Europe web site. Transactional Security Moss Europe Ltd understands how important the security of your personal information is, our website https://www.moss-europe.co.uk maintains the highest levels of security. This site uses secure server software SSL encryption technology, the most advanced security software currently available for online transactions. SSL encrypts all the information you input before it is sent to us. Every page on our website will start with ‘https’ in front of the web address which is www.moss-europe.co.uk. A small locked padlock will also appear in the bottom bar of your browser window. Some of our web pages may contain links to other websites; we recommend that you review their own privacy policy. Moss Europe Ltd is not responsible for the content or the privacy policies of websites to which it may provide links or the websites of its advertisers. Paying using a Credit or Debit card When you select to pay using a Credit or Debit card you will be directed to the Barclaycard EPDQ secure website until the transaction has been placed. Once the order has been successfully placed you will be re-directed back to our website. Our checkout process also uses Verified by Visa, this service enhances the security of your payment card account against unauthorised use when you shop on our website. Paying using PayPal When you select to pay using PayPal you will be directed to PayPal’s secure website until the transaction has been placed. Once the order has been successfully placed you will be re-directed back to our website. Our checkout process also uses Verified by Visa, this service enhances the security of your payment card account against unauthorised use when you shop on our website. Quote Link to post Share on other sites
astontr6 Posted December 4, 2021 Report Share Posted December 4, 2021 14 hours ago, Ernest said: Hi all Had a call from Barclays Bank today re. unusual acitivity on my debit card. Then an e.mail from Moss to say that their web-site had been harvested of about one week's worth of transaction detials - all detials of credit and debit cards. So, if you bought anything from Moss over the past week then best to check your debit card or credit card accounts. Moss say they are working to resolve the issue. I thought it best to share this just in case anyone does not access e.mails that often. Ernest Thanks for doing that. Bruce. Quote Link to post Share on other sites
RobH Posted December 4, 2021 Report Share Posted December 4, 2021 10 hours ago, BlueTR3A-5EKT said: This site uses secure server software SSL encryption technology, the most advanced security software currently available for online transactions. SSL encrypts all the information you input before it is sent to us. Yes the internet transaction between the customer and the company is encrypted by the use of SSL (https). That is what nearly all on-line companies do and you shouldn't deal with any that do not use https - but that only secures the transmission of the data across the internet. Once it reaches the company it is decrypted so they can read it. It's what happens to the plain data once they have received it that counts just as much. Quote Link to post Share on other sites
PodOne Posted December 4, 2021 Report Share Posted December 4, 2021 7 minutes ago, RobH said: Yes the internet transaction between the customer and the company is encrypted by the use of SSL (https). That is what nearly all on-line companies do and you shouldn't deal with any that do not use https - but that only secures the transmission of the data across the internet. Once it reaches the company it is decrypted so they can read it. It's what happens to the plain data once they have received it that counts just as much. Thanks Rob just learned something as to what https is and means. Andy Quote Link to post Share on other sites
Ernest Posted December 4, 2021 Author Report Share Posted December 4, 2021 See Moss e.mail received yesterday Enest Dear Sir/Madam, Private and Confidential I am writing regarding a security incident which may have affected our website between 24 November 2021 and 29 November 2021. What has happened On 29 November 2021 we identified that an unauthorised third party had installed unauthorised software on our website. It is unclear how long this software was active for and we are looking into this as a priority. However, the software might have enabled the unauthorised third party to collect the payment card details of customers using their cards to purchase items through the website between 24 November 2021 and 29 November 2021. Our records show that you made a purchase through the website using a payment card during this period. On that basis, there is a risk that your card details could have been compromised. We are working hard to confirm which specific customers have been affected by this incident. However, we did not want to delay informing you so that you can take steps to protect your payment card. The information potentially involved would have included the following: · first name · last name · credit card number · credit card security code (CSC) · credit card expiry date What you should do Given the nature of this information, we wanted to let you know about the incident as soon as possible. In the wrong hands, there is the risk that the information could be used to attempt credit card fraud. As a result, we recommend that you exercise increased vigilance in all matters relating to your personal and payment details. In particular, you should consider contacting your bank regarding the card mentioned above and make arrangements for a replacement to be issued if they advise that is appropriate. In addition to this, it is also good practice in general to: · Check that all details for direct debits are up to date and delete any that are no longer needed. · Check bank accounts regularly, and contact the bank if you see any transactions you do not recognise. · Be suspicious if anyone contacts you by email, phone call or text message asking you to confirm your personal details; and · Enable two-step authentication on all your online services. What we have done Following discovery of the incident, we have already taken some initial steps, including: · Removing the malware and adding to the security of our systems. · Appointing a specialist data security provider to investigate the incident; and · Notifying relevant regulatory authorities Please accept our apologies for any worry and inconvenience this incident may have caused. We take our data responsibilities and protection of your data very seriously. We are taking all necessary steps to strengthen our security to reduce the risk of a similar incident happening in the future. If you have any questions, please contact us at customer-support@moss-europe.co.uk Yours faithfully, Alex Chaperlin Managing Director Moss Europe Ltd Quote Link to post Share on other sites
Waldi Posted December 4, 2021 Report Share Posted December 4, 2021 Hi Ernest (and others that have dealt with Moss recently), Maybe it is prudent to lower your credit limit to say 1 pound while this gets sorted? In that case only one pound can disappear. Waldi Quote Link to post Share on other sites
RobH Posted December 4, 2021 Report Share Posted December 4, 2021 (edited) 18 minutes ago, Waldi said: Maybe it is prudent to lower your credit limit to say 1 pound while this gets sorted? Unfortunately if the information has been 'scraped' by criminals it doesn't end when the original problem is fixed. Credit card and personal information is bought-and-sold between criminals on the dark web so even if nothing happens to your account right now, it could at any time in the future if someone buys your details. The only safe thing to do if you are one of those affected is request a new card with a different security code and expiry date and have them cancel the old one. ( This happened to me some years back when I bought a camera on the 'net. Some months later some odd transactions appeared in the US, using my card. The transactions were cancelled by my provider and I got a new card. ) Edited December 4, 2021 by RobH Quote Link to post Share on other sites
Peter Cobbold Posted December 4, 2021 Report Share Posted December 4, 2021 I never give card details on-line or by phone, and have long avoided suppliers that do not offer PayPal. Quote Link to post Share on other sites
PodOne Posted December 4, 2021 Report Share Posted December 4, 2021 So happens on the 24th I went into Moss to collect some parts ordered on the phone but no payment was made until I collected them on my debit card. Can anyone advise if this would be included in the situation as nothing was done via the web site. Thanks Andy Quote Link to post Share on other sites
RobH Posted December 4, 2021 Report Share Posted December 4, 2021 (edited) You are in the clear Andy if no card data went over the internet. If you used a normal card payment terminal on the desk, that will have a direct connection to the bank so the card data shouldn't have been processed by Moss and anyway they won't have had either the security number or expiry dates which a hacker would need. Edited December 4, 2021 by RobH typo Quote Link to post Share on other sites
PodOne Posted December 4, 2021 Report Share Posted December 4, 2021 Thanks Rob that's reassuring. Andy Quote Link to post Share on other sites
Keith66 Posted December 4, 2021 Report Share Posted December 4, 2021 (edited) 7 hours ago, RobH said: You are in the clear Andy if no card data went over the internet. If you used a normal card payment terminal on the desk, that will have a direct connection to the bank so the card data shouldn't have been processed by Moss and anyway they won't have had either the security number or expiry dates which a hacker would need. And exactly because of that i have a credit card with a lowish limit that i use for internet purchases only. This means day to day physical transactions are kept separate from internet spending and if the card gets compromised the other one is still ok and of course that applies both ways. Maybe i'm being over cautious but hey what the heck, hacks can happen. Cheers Keith Edited December 5, 2021 by Keith66 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.