Norman_E
Well-Known Member
I just had an e-mail from ASAP telling me of a data breach that could include payment details, but the e-mail went straight to my spam folder, so if you have had dealings with ASAP I suggest you check your spam folder.
ASAP Data Breach
- Thread starter Norman_E
- Start date
Heckler
Well-Known Member
Asap attacked
ASAP Supplies
Dear Customer,
We are writing to advise you that we have detected malware on certain pages of our www.asap-supplies.com website. This event may have disclosed your personal and payment data.
We are taking this incident extremely seriously and want to reassure you that we are fully committed to protecting your data. We have informed the Police, Action Fraud and Information Commissioner’s Office (ICO) and our investigations are currently ongoing.
The information that may have been compromised includes customer name, address, shipping address, email address, telephone numbers and payment details.
The next steps to take:
If you think your debit or credit card details have been affected, you will need to inform your financial institution and request a replacement card as soon as possible. Please call the number on the back of your card and let the issuing financial institution know your concern.
We also suggest that you regularly review your credit card and bank statements, looking for unfamiliar or suspicious activity. If you see a transaction that isn’t yours, contact your financial institution immediately.
Protective steps to take to minimise the risk of fraud:
Exercise caution with websites offering to check if someone’s details are included in the breach.
Do not pay anyone offering to remove personal details from the leaked data as this cannot be done.
If you receive an unsolicited email, text, letter or phone call requesting personal information, you should not respond.
Never reveal your full passwords, login details or account numbers, unless you are certain of the identity of the person making the request. Never click on any unrecognised links. You can call the person back and check the telephone number online if you were called and are unsure of the person’s identity on the phone.
If you think you have been a victim of fraud you should report it to Action Fraud, the UK’s national fraud and internet crime reporting centre, on 0300 123 2040*.
We sincerely apologise for this experience and will be in touch again soon with further updates.
If you have any concerns in the meantime, please email: dsincident@asap-supplies.com
David Cottam
Commercial Director
A.S.A.P. Supplies Limited
ASAP Supplies
Dear Customer,
We are writing to advise you that we have detected malware on certain pages of our www.asap-supplies.com website. This event may have disclosed your personal and payment data.
We are taking this incident extremely seriously and want to reassure you that we are fully committed to protecting your data. We have informed the Police, Action Fraud and Information Commissioner’s Office (ICO) and our investigations are currently ongoing.
The information that may have been compromised includes customer name, address, shipping address, email address, telephone numbers and payment details.
The next steps to take:
If you think your debit or credit card details have been affected, you will need to inform your financial institution and request a replacement card as soon as possible. Please call the number on the back of your card and let the issuing financial institution know your concern.
We also suggest that you regularly review your credit card and bank statements, looking for unfamiliar or suspicious activity. If you see a transaction that isn’t yours, contact your financial institution immediately.
Protective steps to take to minimise the risk of fraud:
Exercise caution with websites offering to check if someone’s details are included in the breach.
Do not pay anyone offering to remove personal details from the leaked data as this cannot be done.
If you receive an unsolicited email, text, letter or phone call requesting personal information, you should not respond.
Never reveal your full passwords, login details or account numbers, unless you are certain of the identity of the person making the request. Never click on any unrecognised links. You can call the person back and check the telephone number online if you were called and are unsure of the person’s identity on the phone.
If you think you have been a victim of fraud you should report it to Action Fraud, the UK’s national fraud and internet crime reporting centre, on 0300 123 2040*.
We sincerely apologise for this experience and will be in touch again soon with further updates.
If you have any concerns in the meantime, please email: dsincident@asap-supplies.com
David Cottam
Commercial Director
A.S.A.P. Supplies Limited
Sea-Fever
Well-Known Member
Just Viagra for sale in my junk folder.....but thanks for the heads up, will keep an eye out.
One A.
Well-Known Member
Bought watermaker filters from them in the past so had the email.
tillergirl
Well-Known Member
I have had a similar one from Force 4 yesterday given a time/date window when they were attacked. I had bought during that period and my card has been identified by the card provider that a subsequent fraud occurred. Card compromised, card security number compromised, password compromised.
Sea-Fever
Well-Known Member
What was the period in question?
doug748
Well-Known Member
Just checked my spam - and there it was. Thanks
Praxinoscope
Well-Known Member
Oh bugger, I did a mass clear of my spam today without bothering to look at what was there.
Be useful to know the periods that ASAP and Force 4 think the breach might cover.
Be useful to know the periods that ASAP and Force 4 think the breach might cover.
tillergirl
Well-Known Member
"any orders made between 09:55 BST August 6th 2018 to 16:55 BST September 27th 2018". The credit card people rang me first to check all my current transactions.
CrikeyChris
Well-Known Member
Me too. Do not know why ASAP mail goes to my Junk folder (despite marking it "Safe") but it seems I am not alone. Quiet a big nuisance to call the bank and wait for a new card etc. Thanks for posting about the problem.
moomba
N/A
thankyou for this yup in my spam folder , but I always went through paypal, so hopefully its a good one
will check though
thanks again
will check though
thanks again
LittleSister
Well-Known Member
If only we'd known sooner. Think of all the boats/toys we could have bought, and explained away to our better halves as a result of this! 
Monkey Sea
New Member
Received same yesterday and rang ASAP to get more detail. Was told that they emailed all their customers out of an abundance of caution while conducting an investigation but only expect that a small percentage of customers were impacted.
daviddb
Well-Known Member
Yup, my card was trashed after using it for a Force 4 order in early August, card was finally blocked by Natwest Visa mid Sept by which time I was abroad on holiday and had the card refused by a merchant. Thankfully not at a petrol station but huge faff trying to sort everything out.
In amongst all the hugely bugg erancing experience it strikes me that Force 4 were loosing data over a very extended period and you'd think Natwest could tip you the wink that your card had been compromised (an Uber taxi account in my case) instead of letting one jet off to exotic (ahem) climes and thus end up in a bit of a pickle.
Yours very grumpy indeed
David
In amongst all the hugely bugg erancing experience it strikes me that Force 4 were loosing data over a very extended period and you'd think Natwest could tip you the wink that your card had been compromised (an Uber taxi account in my case) instead of letting one jet off to exotic (ahem) climes and thus end up in a bit of a pickle.
Yours very grumpy indeed
David
Robert Wilson
Well-Known Member
Got one from ASAP yesterday. I have checked when I last ordered from them and up to now (fingers crossed) no odd or unauthorised traffic on my card(s).
I'm pleased to have received the alert and I'm glad I'm not alone; but it makes me wonder whether we are seeing a covert, organised and potentially overwhelming cyber attack being orchestrated by...………………….?
Russia?
Edit:
At first I did wonder whether it was a scam to get me to log on to the email and get caught out. After hearing from you all above I'm somewhat relieved it wasn't a scam.
I'm pleased to have received the alert and I'm glad I'm not alone; but it makes me wonder whether we are seeing a covert, organised and potentially overwhelming cyber attack being orchestrated by...………………….?
Russia?
Edit:
At first I did wonder whether it was a scam to get me to log on to the email and get caught out. After hearing from you all above I'm somewhat relieved it wasn't a scam.
Last edited:
Leighb
Well-Known Member
I have also had the e-mail. Hopefully I am not affected as altho' my last "transaction" with them was in August, it was just the exchange of a switch I had bought from them a month earlier that turned out to be faulty, so no actual card involved between the relevant dates. I will still keep an eye out though.
Cockaigne
Well-Known Member
If only we'd known sooner. Think of all the boats/toys we could have bought, and explained away to our better halves as a result of this!
:encouragement:
Cockaigne
Well-Known Member
I telephoned my credit card company, as suggested by ASAP, and they have blocked my existing card and will send me a new one.
No more than a minor inconvenience and good of ASAP to tell us about the security breach.
No more than a minor inconvenience and good of ASAP to tell us about the security breach.
Heckler
Well-Known Member
I checked my account, no card lodged it says and I cant remember how I did the last transaction, it might have been Paypal
Just checked it was
Last edited:
D
Deleted member 36384
Guest
Thanks for that prompt, I checked and don't have any cards saved to their account holders information page. Their website account holder page where credit card information is stored has 'sage pay' integrated, which is a bit worrying. Sage are supposed to offer secure payment solutions and fraud screening.
If folks have an ASAP web account then they can check order history. In my order history I had an old 'processing' order and it showed the last 4 digits of my credit card and expiry date of the credit card (expired). On an order that had been completed, it showed my address but not any credit card details.
If you have 'processing' orders in the ASAP web account, then perhaps the data could be harvested from their as that section of the web page may be outside of the secure payment process.
Last edited by a moderator:
