Customer data compromised in LOQBOX data breach

Credit history building tool LOQBOX was targeted in a “sophisticated and complex” cyber attack resulting in customers’ personal and financial data being accessed by cyber criminals.

LOQBOX said it became aware of the attack on 20 February 2020, shortly after it had happened, and that personal data, such as customers’ names and addresses, as well as some customers’ payment information, was accessed.

Anyone who is or has ever been a customer of LOQBOX could potentially be affected by the hack. The company says that all affected customers have now been contacted, but LOQBOX did not do so immediately after the attack was identified.

The company told customers the reason for this delay was that they “could not contact you until we knew how you had been affected”.

It clarified:

The simple reason it took the time it did to respond is that we had to get our response right. We had cyber-security experts going through our systems, almost immediately, in order to understand what happened and who had been affected, but this took time.

We instructed a specialist law firm to make sure that we were compliant with all the relevant regulations. We also made sure that the Information Commissioner’s Office and the Financial Conduct Authority were informed about exactly how we were responding.

We really wanted to let you know sooner but felt it would have been irresponsible to contact our customers with only a partial picture because you would not have known what measures you should take to protect yourselves.

LOQBOX told customers “this information on its own cannot be used to access your bank accounts or other accounts”. They have also assured customers that funds held by LOQBOX are secure and have not been affected by the attack.

However, the compromised personal information could potentially be used by criminals to carry out phishing attacks against those customers affected. It could also be used for identity fraud purposes, meaning there is a real risk for those customers affected.

LOQBOX says the information accessed by the hackers falls into two categories:

  • Personal information including:
    • Names
    • Dates of birth
    • Postal addresses
    • Phone numbers
  • Financial information including:
    • The first six and last four digits of customers’ payment card numbers
    • Expiry dates of customers’ payment cards
    • Sort codes
    • Two digits of customers’ bank account numbers

The company says the incident has been reported to the police and regulatory authorities. It also says it has taken "further steps" to improve its defences against cyber attacks.

LOQBOX has warned customers and former customers to take precautions against phishing attacks, saying:

We suggest that you contact your bank or card issuer for advice on whether you should take any action. Unfortunately, such attacks are now common and so your bank or card issuer will be experienced in advising customers on what to do. They will also be able to help you identify any suspicious activity.

You should be careful of inbound telephone calls, emails or texts that make reference to your bank account or where you are being asked for further personal information. These may be attempted phishing scams. Such communications can often be very convincing, especially when received on a mobile phone.

LOQBOX will never call, text, or email you to ask for your full bank account number or card details. If you suspect any unusual activity, we recommend that you contact your bank or card issuer straight away.

Action Fraud has published some helpful information on how individuals can protect themselves from fraud and cyber crime and can also be contacted for advice.

There is more information from LOQBOX on how to keep safe here.

You can find out more about phishing attacks here.

Our expertise with data breaches

Hayes Connor is home to one of the largest teams of data breach claims specialists in the country. With a wealth of experience and an excellent track record of success, we can guide clients through dealing with any situation where personal data has been lost, stolen or otherwise exposed.

If your data has been exposed or potentially exposed in a data breach, you can take a look at our guide to what to do if your data has been stolen in a data breach.

You can find out more about our expertise and how we handle data breach claims here.

To see how we can help with a data breach, you can use our online claim form or speak to a member of our team by calling 0151 363 5895.
