Since the cyber attack on our website on Wednesday 21st October 2015, we have been working to establish what happened and, importantly, understand the extent of any individual customer data stolen during this attack. In light of the potential scale of attack, our responsibility last week was to inform all customers as quickly as possible. Our investigation continues, but we now know the extent of the data accessed is significantly less than originally suspected and can confirm that the following personal data was accessed:
Less than 21,000 unique bank account numbers and sort codes
Less than 28,000 obscured credit and debit card details (as previously stated, the middle 6 digits had been removed)
Less than 15,000 customer dates of birth
Less than 1.2 million customer email addresses, names and phone numbers
Starting today, we are writing to all customers who have been affected by this to let them know what information has been accessed.
As we have previously confirmed, the credit and debit card details cannot be used for financial transactions. In addition, we have shared the affected bank details with the major UK banks so they can take their usual actions to protect customers’ accounts in the highly unlikely event that a criminal attempts to defraud them. [See below Bob]
Police confirmed that officers have also carried out a search at a residential property in Liverpool in connection with the “significant and sustained” attack on its website on 21 October.
- Directing a comprehensive Cyberspace Policy Review in order to assess U.S. policies and structures for cybersecurity;
- Making cybersecurity one of the Administration’s first cross-agency priority management goals;
- Spurring information sharing through the President’s executive order to encourage the development of Information Sharing and Analysis Organizations (ISAOs) to serve as the hubs for sharing critical cybersecurity information and promoting collaboration for analyzing this information both within and across industry sectors;
- Leveraging cutting edge tools like the Department of Homeland Security’s (DHS) EINSTEIN and Continuous Diagnostics & Mitigation (CDM) program; and,
- Proposing targeted investments across a range of Federal departments and agencies that improve cybersecurity and protect government networks from cyber-threats.”
In light of the fact that the defendant against whom evidence from the subject telephone was to be used has pleaded guilty, I respectfully direct the government to explain why the application is not moot.
"Most [government agencies] in the United States and abroad will become 'blind,' they will 'go dark,' they will simply be unable to fight vicious phenomena such as terrorism," wrote Vincenzetti. "Only the private companies can help here; we are one of them."
"It is crystal clear that the present American administration does not have the stomach to oppose the American IT conglomerates and to approve unpopularly, yet totally necessary, regulations," He added.