The full text of Namesco's phish-like security warning:
This email is a genuine security communication from Namesco and contains important information about your credit card details; please do not treat this as SPAM.
We have recently detected malicious activity on our systems resulting in the possibility that personal details and payment card information you have provided in connection with your Namesco account may be at risk. We are writing to recommend you take the appropriate action to protect your credit card data from potential fraudulent activity. A small proportion of our customer base has potentially been affected by this issue and we are contacting each person individually.
Who May Have Been Affected?
A recent security alert triggered our system administrators to immediately conduct a thorough investigation which concluded that your details may have been sent to a 3rd party email account. Although we do not have any evidence that your account has been compromised, we take the protection of our customers' data very seriously and we strongly advise as a precautionary measure you take the steps below to allay fears that your personal information has been intercepted. For your information, we have also contacted a separate group of 178 customers whose details were more likely to have been compromised.
The compromised data may include all or some of the following information: payment card number added to your Namesco account, name on card, card start (if entered) and card expiry date. Please note that the 3 digit card security number is not collected and therefore cannot be compromised. Your Namesco account administration email, account name, date of birth (if supplied), contact phone numbers (if supplied) and postal address may also have been compromised along with your Namesco account administration password. We have no reason to believe your site administration or email passwords have been affected.
What Might I Do Next?
We have not received any reports of illegal usage of your personal information; however you may consider contacting your card issuer to inform them that your card details may have been stolen and arrange to stop the payment card.
The last four digits and expiry date of payment card(s) are:
As a precaution, we recommend that you change your Namesco account administration password at https://admin.names.co.uk/reminder1.php which will send a password re-set email to the address you hold on your Namesco account. If your password is not changed by Tuesday 17th January, we will automatically change your password for you. This means that in order to access your Online Control Panel you will be required to re-set your password at https://admin.names.co.uk/reminder1.php anyway.
We apologise sincerely for any inconvenience this incident may have caused and would like to reassure you that we have been working around the clock to ensure that we have undertaken a thorough investigation to identify the cause of the malicious activity and immediately locked down security to remove vulnerabilities.
As a result of this breach we have focused all of our efforts on developing new security enhancements that strengthen our network infrastructure against criminal activity of this nature; and we will be liaising with the UK Information Commissioner regarding this incident and engaging the police who will support an investigation into this criminal activity.
If you have any questions raised by this email, you can contact us by calling 0845 363 3634, Monday to Friday 8 am to 8 pm.
We greatly appreciate your patience and goodwill and hope that you understand we are treating this incident with the highest level of seriousness.
xxx Customer Care Manager, UK Namesco Limited
Hey OddSocket, nice to see you again
We talk to customers through all sorts of channels, with twitter being just one contact point where we engage with a very small number of our customer base. Just like any other situation, we deal with all enquiries on a 1-2-1 basis and so we try and speak with our customers individually.
If someone wants to get in touch by phone or a support ticket where we can verify they are the account holder, then we’re always happy to talk about account details and that includes addressing questions that may include a request for compensation.
If you have received the security email from us, please contact us on the telephone number provided if you want further support and advice.
We Gonna let you know that we've been hacked and make the email look like a phishing scam...YEEEEEHAW!
A face-palm if I've ever heard one.
Credit Card details?
Why are Credit Card details stored at all. I use my card to make a payment. I don't see any need to retain those details.