Feeds

Namesco spits out phishy warning after credit card info leak

'Please do not treat this as SPAM'

Providing a secure and efficient Helpdesk

The full text of Namesco's phish-like security warning:

Dear customer,

This email is a genuine security communication from Namesco and contains important information about your credit card details; please do not treat this as SPAM.

We have recently detected malicious activity on our systems resulting in the possibility that personal details and payment card information you have provided in connection with your Namesco account may be at risk. We are writing to recommend you take the appropriate action to protect your credit card data from potential fraudulent activity. A small proportion of our customer base has potentially been affected by this issue and we are contacting each person individually.

Who May Have Been Affected?

A recent security alert triggered our system administrators to immediately conduct a thorough investigation which concluded that your details may have been sent to a 3rd party email account. Although we do not have any evidence that your account has been compromised, we take the protection of our customers' data very seriously and we strongly advise as a precautionary measure you take the steps below to allay fears that your personal information has been intercepted. For your information, we have also contacted a separate group of 178 customers whose details were more likely to have been compromised.

The compromised data may include all or some of the following information: payment card number added to your Namesco account, name on card, card start (if entered) and card expiry date. Please note that the 3 digit card security number is not collected and therefore cannot be compromised. Your Namesco account administration email, account name, date of birth (if supplied), contact phone numbers (if supplied) and postal address may also have been compromised along with your Namesco account administration password. We have no reason to believe your site administration or email passwords have been affected.

What Might I Do Next?

We have not received any reports of illegal usage of your personal information; however you may consider contacting your card issuer to inform them that your card details may have been stolen and arrange to stop the payment card.

The last four digits and expiry date of payment card(s) are:

xxxx

As a precaution, we recommend that you change your Namesco account administration password at https://admin.names.co.uk/reminder1.php which will send a password re-set email to the address you hold on your Namesco account. If your password is not changed by Tuesday 17th January, we will automatically change your password for you. This means that in order to access your Online Control Panel you will be required to re-set your password at https://admin.names.co.uk/reminder1.php anyway.

We apologise sincerely for any inconvenience this incident may have caused and would like to reassure you that we have been working around the clock to ensure that we have undertaken a thorough investigation to identify the cause of the malicious activity and immediately locked down security to remove vulnerabilities.

As a result of this breach we have focused all of our efforts on developing new security enhancements that strengthen our network infrastructure against criminal activity of this nature; and we will be liaising with the UK Information Commissioner regarding this incident and engaging the police who will support an investigation into this criminal activity.

If you have any questions raised by this email, you can contact us by calling 0845 363 3634, Monday to Friday 8 am to 8 pm.

We greatly appreciate your patience and goodwill and hope that you understand we are treating this incident with the highest level of seriousness.

Kind regards,

xxx Customer Care Manager, UK Namesco Limited

®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.