Feeds

Namesco spits out phishy warning after credit card info leak

'Please do not treat this as SPAM'

Choosing a cloud hosting partner with confidence

The full text of Namesco's phish-like security warning:

Dear customer,

This email is a genuine security communication from Namesco and contains important information about your credit card details; please do not treat this as SPAM.

We have recently detected malicious activity on our systems resulting in the possibility that personal details and payment card information you have provided in connection with your Namesco account may be at risk. We are writing to recommend you take the appropriate action to protect your credit card data from potential fraudulent activity. A small proportion of our customer base has potentially been affected by this issue and we are contacting each person individually.

Who May Have Been Affected?

A recent security alert triggered our system administrators to immediately conduct a thorough investigation which concluded that your details may have been sent to a 3rd party email account. Although we do not have any evidence that your account has been compromised, we take the protection of our customers' data very seriously and we strongly advise as a precautionary measure you take the steps below to allay fears that your personal information has been intercepted. For your information, we have also contacted a separate group of 178 customers whose details were more likely to have been compromised.

The compromised data may include all or some of the following information: payment card number added to your Namesco account, name on card, card start (if entered) and card expiry date. Please note that the 3 digit card security number is not collected and therefore cannot be compromised. Your Namesco account administration email, account name, date of birth (if supplied), contact phone numbers (if supplied) and postal address may also have been compromised along with your Namesco account administration password. We have no reason to believe your site administration or email passwords have been affected.

What Might I Do Next?

We have not received any reports of illegal usage of your personal information; however you may consider contacting your card issuer to inform them that your card details may have been stolen and arrange to stop the payment card.

The last four digits and expiry date of payment card(s) are:

xxxx

As a precaution, we recommend that you change your Namesco account administration password at https://admin.names.co.uk/reminder1.php which will send a password re-set email to the address you hold on your Namesco account. If your password is not changed by Tuesday 17th January, we will automatically change your password for you. This means that in order to access your Online Control Panel you will be required to re-set your password at https://admin.names.co.uk/reminder1.php anyway.

We apologise sincerely for any inconvenience this incident may have caused and would like to reassure you that we have been working around the clock to ensure that we have undertaken a thorough investigation to identify the cause of the malicious activity and immediately locked down security to remove vulnerabilities.

As a result of this breach we have focused all of our efforts on developing new security enhancements that strengthen our network infrastructure against criminal activity of this nature; and we will be liaising with the UK Information Commissioner regarding this incident and engaging the police who will support an investigation into this criminal activity.

If you have any questions raised by this email, you can contact us by calling 0845 363 3634, Monday to Friday 8 am to 8 pm.

We greatly appreciate your patience and goodwill and hope that you understand we are treating this incident with the highest level of seriousness.

Kind regards,

xxx Customer Care Manager, UK Namesco Limited

®

Beginner's guide to SSL certificates

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
US government fines Intel's Wind River over crypto exports
New emphasis on encryption as a weapon?
To Russia With Love: Snowden's pole-dancer girlfriend is living with him in Moscow
While the NSA is tapping your PC, he's tapping ... nevermind
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
Slap for SnapChat web app in SNAP mishap: '200,000' snaps sapped
This is what happens if you hand your username and password to a 3rd-party
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.