16 Feb 2016 at 17:00, Alexander J Martin http://www.theregister.co.uk/2016/02/16/data_breach_at_quotemehappy/Aviva-owned online-only insurance business Quotemehappy.com has informed customers that there has been a data breach at its website.
Quotemehappy announced that it had “recently” lost a “small number” of customers’ details, comprising “vehicle registration, email address, mobile number, landline number and address.”
An email sent around to customers today, which was seen by The Register, informed customers of “a recent incident where a small number of Quotemehappy.com customers were able to view personal information of another customer when accessing the ‘My account’ section of the Quotemehappy.com website.”
The breach is thought to have been a product of a caching error at the site. The email noted that it was “not possible” for customers to edit each others’ information.
The email was signed by company director Owen Morris, who said he was “sorry that this has happened and for any inconvenience or worry this may have caused.”
“I would like to reassure you that no sensitive personal data (e.g. bank or card details) has been accessed or disclosed” Morris added, although customers are being offered “12 months of identity protection cover free of charge” through insurance biz Noddle.
A rather unfortunate Reg reader got in contact with us regarding the Noddle offer:
The best bit about all of this is that, as previous TalkTalk customers, we already have the less comprehensive Noddle Alerts from them for the next few months. Apparently this means we cannot activate the more comprehensive package QuoteMeHappy are offering, nor extend the credit alerting up for another 12 months.
The Register has contacted Aviva for comment. A spokesperson said:
Quotemehappy.com has identified an incident where a small percentage of customers were able to see another customer’s contact details, such as name, address and telephone number, when they logged into their account.
These details could not be changed and no sensitive, personal or financial, information could be viewed or accessed.
The issue has now been fully resolved and we have contacted all impacted customers to explain the situation and have notified the FCA and the ICO.
An ICO spokesperson said: “We’re aware of an incident involving Aviva and are making enquiries.”
Quotemehappy announced that it had “recently” lost a “small number” of customers’ details, comprising “vehicle registration, email address, mobile number, landline number and address.”
An email sent around to customers today, which was seen by The Register, informed customers of “a recent incident where a small number of Quotemehappy.com customers were able to view personal information of another customer when accessing the ‘My account’ section of the Quotemehappy.com website.”
The breach is thought to have been a product of a caching error at the site. The email noted that it was “not possible” for customers to edit each others’ information.
The email was signed by company director Owen Morris, who said he was “sorry that this has happened and for any inconvenience or worry this may have caused.”
“I would like to reassure you that no sensitive personal data (e.g. bank or card details) has been accessed or disclosed” Morris added, although customers are being offered “12 months of identity protection cover free of charge” through insurance biz Noddle.
A rather unfortunate Reg reader got in contact with us regarding the Noddle offer:
The best bit about all of this is that, as previous TalkTalk customers, we already have the less comprehensive Noddle Alerts from them for the next few months. Apparently this means we cannot activate the more comprehensive package QuoteMeHappy are offering, nor extend the credit alerting up for another 12 months.
The Register has contacted Aviva for comment. A spokesperson said:
Quotemehappy.com has identified an incident where a small percentage of customers were able to see another customer’s contact details, such as name, address and telephone number, when they logged into their account.
These details could not be changed and no sensitive, personal or financial, information could be viewed or accessed.
The issue has now been fully resolved and we have contacted all impacted customers to explain the situation and have notified the FCA and the ICO.
An ICO spokesperson said: “We’re aware of an incident involving Aviva and are making enquiries.”
