Jimmy Green website has been hacked - important email from them

[wonkywinch]

Thought I would share this as there must be loads of JG customers on the forum:

Jimmy Green - Important Security Notice

Important Security Notice​

We emailed you to advise of a security incident on our website involving one of our third-party payment service providers. As you recently made a purchase with us using this payment gateway, we want you to have all the details you need to protect yourself.

What happened:​

On Monday the 29th of September, our payment gateway host detected unauthorised access to the website server. Code designed to harvest data during transfer to the payment provider was inserted into the site. The code was obfuscated to enable it to remain undetected by our cyber security team.

What information was involved:​

Based on current findings, your house number, post code, card number and expiration date could have been harvested.

Please note, Jimmy Green Marine do not collect or store full credit card information on our servers, and your Jimmy Green account credentials (username/password) were not impacted.

What we are doing:​

• We immediately suspended use of the compromised gateway and switched to a secure alternative.
• We are working with the provider, cybersecurity experts, and law enforcement to fully investigate the breach.
• Out of caution, we suggest enrolling for a free thirty-day trial with an identity protection provider such as Norton. Identity Protection Services | Norton Identity Advisor Plus

What you can do:​

• Review your recent bank and credit card statements for any unusual charges since your transaction with us.
• Contact your card issuer right away if you notice unauthorised activity.
• Consider requesting a replacement card for extra peace of mind.
• Visit the Citizens Advice Bureau for more guidance on protecting your information Banking – security and fraud

We understand how concerning this news is, and we are deeply sorry that this happened. Please know that securing your information and maintaining your trust is our highest priority.

If you have questions, please contact us via email sales@jimmygreen.co.uk to request a call back.

Thank you for your patience and understanding as we work diligently to resolve this.

Yours sincerely

James Green

Director

 

[Boathook]

I feel sorry for Jimmy Green marine.

I haven't purchased recently from them, so the incident doesn't affect me but I have found them in the past and hopefully future very helpful.

 

[wonkywinch]

Their email was a prompt to tidy up all my passwords. I generally use a unique password for every site I visit but there are some legacy ones where I wasn't so careful so I have spent most of the day changing passwords and storing them in my password manager.

For accounts I'm not likely to use anymore, I have changed the password then clicked "delete account" so that the last stored password isn't one that is likely to be hacked and also won't work anywhere else.

A useful site for checking where your email/details may have been compromised is Have I Been Pwned: Check if your email address has been exposed in a data breach

 

[mjcp]

Their email was a prompt to tidy up all my passwords.

And while we are all at it, enable MFA / 2FA / 2 Factor authentication methods on everything and anything that will support it! (I note that YBW now supports it)

M

 

[Wandering Star]

Out of curiosity I just checked the link provided by Wonkywinch to see if my email address had been compromised and it identified it had, at different periods via 3 sources - Twitter, Edmodo & Dropbox. I’ve never subscribed or used any of them so how can that be?