Ffrees customer personal information has been exposed in a data breach
Ffrees is an online banking service that lets customers transfer money into their Ffrees account for discounted shopping, where users may benefit from discounts on purchases in various shops
Recently, they have come under fire for data protection and compliance issues.
Ffrees have previously come under scrutiny for their terms and conditions, but now it seems the company has failed to secure their customers’ personal information following a cyber security incident.
We’ve been approached for advice following customers receiving emails from Ffrees admitting to an “information security incident”.
The company are notifying its users that certain personal information was “temporarily exposed” on their systems. As data breach specialists, we know that even the smallest opening for a data breach is all that’s needed for cyber criminals to access and obtain vast amounts of information. Even “temporary” exposure can lead to significant problems because, once information is accessed, closing the source does not retract the information.
The information that may have been breached includes the users’:
|Date of birth||Gender|
|Home & Mobile telephone numbers||Ffrees account number|
|Ffrees encrypted account password||Ffrees points transactions|
With this amount of information possibly compromised, there can be a big risk of harm and identity theft. Users are urged to be extremely vigilant as criminals with even a small amount of the information listed can target the data owner to phish for more information. People may need to be wary of anyone trying to contact them as a service provider using the above information to verify their identity.
Apparently the information that may have been exposed was held between 2012 and 2014. We assume this means the information was gathered between 2012 and 2014 but Ffrees offers no further explanation, and has yet to confirm when the breach actually happened.
The Information Commissioner’s Office has been notified of the incident and will be conducting their own investigation into the data breach. The ICO is the governing authority who monitor and enforce data protection compliance in the U.K. If they find Ffrees did not have adequate security measures in place, and therefore risked the safety of customers’ personal information, the ICO has the power to issue penalty fines of up to £400,000 along with other sanctions.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with a * are required.