23,000 Fortnum & Mason customers hit by data hack
THE Queen’s grocer Fortnum & Mason has become the latest household name business to suffer a major data breach after being targeted by hackers.
The 311-year-old store warned about 23,000 customers that details including email and home addresses and social media handles had been accessed. Most of those affected had entered their details online when voting in the TV personality of the year category at the store’s food and drink awards. The poll had been organised by specialist survey and voting company Typeform.
Smaller numbers had their details hacked after they entered a Fortnum-run competition for tickets for an exhibition of Charles I’s art collection or filled in a survey on the Piccadilly store’s concierge service. Fortnum & Mason chief executive Ewan Venters told the Standard: “As soon as we were alerted over the week- end we spent time with Typeform looking at what exactly could be at risk. Thankfully it’s mostly limited to email addresses. There’s no impact on the core systems at Fortnum or highly sensitive information like bank details.
“I want to stress that there’s no concern about any banking information or credit card data. We have very vigorous pressure testing on core Fortnum & Mason data services.” The hackers are thought to have accessed Typeform’s backup file. As soon as the breach was detected the link between Fortnum and Typeform was shut down. MrVenters insisted there was “no suggestion Typeform is not a good, reputable company”.
The Barcelona-based company’s clients include Apple, Uber, Airbnb, Nike and digital-only bank Monzo, which said about 20,000 users were affected.
Monzo said: “For the vast majority of people, this was just their email address. For a much smaller proportion, this may have included data like their Twitter username or postcode... No one’s bank details have been affected, and your money and account are safe.”
Typeform said: “On June 27 our engineering team became aware that an unknown third party gained access to our server and downloaded certain information. Some data was compromised. We responded immediately and fixed the source of the breach.”
It is the third major breach in a week following similar incidents at Ticketmaster and Adidas.