Be aware that the following companies are all part of Autodoc. Whether these other subsidiaries share the same database and are therefore exposed too I can't say, but it's probably a safe bet to assume they were.
autodoc.co.uk
bestpartstore.co.uk
buycarparts.co.uk
onlinecarparts.co.uk
Therefore I always recommend using an email alias for online shopping with organisations you don't trust well enough, so that you can always switch it off / delete it if necessary. A consequence of the stolen data is that you may likely receive scammer emails using your real details from data stolen from Autodoc, in order that they can convince you to provide more secure information to scam you. So beware!
I will post the Email for members to read:
CYBER SECURITY INFORMATION
Cyber attacks on companies and authorities are currently on the rise. Even with the implementation of professional security measures, attackers unfortunately succeed again and again in gaining access to the data and know-how of the organisations concerned. We are contacting you today because unfortunately Autodoc has also suffered a cyber attack.
1. WHAT HAPPENED?
Our cybersecurity team registered an attack in which the criminals managed to gain access to an internally used communication tool. Through this channel, the attackers were able to view personal data in the central customer management software and possibly copy it.
The cybersecurity team was able to promptly detect and stop the attack and prevent further data leaks, but unfortunately, based on what we currently know, it cannot be ruled out that your data was viewed and copied by the attackers.
The data concerned are extracts from the customer master data stored in the customer management system, in particular title, surname, first name, street, house number, postcode, city, country, email address, telephone number (mobile and/or landline) and the internally assigned customer number.
No other data is affected, in particular no access data, passwords, credit card data, bank data, credit balances, or order details.
All necessary measures were immediately taken by our experts and the forensic investigation of the cyber attack is ongoing. Our data protection team is working in coordination with the cybersecurity team on the legal processing and has initiated the necessary legal steps; the competent data protection supervisory authority has already been informed about the attack.
2. POSSIBLE CONSEQUENCES FOR YOU
The attackers or third parties to whom the information may have been passed on by the attackers are not able to access your customer account with the data in question, and no orders can be placed or data changed. It is also not possible to reset the password for the customer account, since this is done via your personal email account and its access data is known only to you.
However, it is conceivable that the data could be used to try to find out further information from you, for example by sending scam text messages, calls or emails, using the real data to fraudulently obtain confidential information as passwords or TANs (known as phishing). It is also possible criminals may also impersonate you in order to gain an advantage for themselves or others or to harm you (i.e. identity theft).
3. OUR MEASURES
Our cyber security team reset all access data for the customer management system. Affected computers were forensically analysed and reset. If the internal communication service was affected, the access data was also reset. From a technical point of view, access to the customer management system was significantly strengthened by the introduction of new transport encryption measures and the connection filter configuration set to be stricter.
From an organisational point of view, as a precautionary measure, certain verification procedures are no longer being used in the customer care area and all employees with customer contact have been informed and sensitised accordingly.
We are keeping a close eye on the internal investigations and other developments in connection with the incident and will immediately initiate further measures if new findings make this necessary.
4. MEASURES WE RECOMMEND YOU TAKE
In future, you should be particularly vigilant if someone asks you to transmit or disclose data by telephone, SMS or email. Therefore, please check all communications you receive, even in time-critical situations, and do not open any attachments or links if you are not completely sure that it is an authentic transaction. If in doubt, you should always choose not to perform the requested action. Do not disclose confidential information to strangers. Remember that, as a rule, service providers, traders, and banks do not request confidential data. Neither is it normal for IT or software companies to contact you unsolicited by telephone to attend to alleged emergencies and demand urgent action from you. Never act in such cases without first seeking reassurance from a source that is undoubtedly authentic and reputable.
If an unknown party tries to put you under time pressure and threatens you with urgency, tries to exploit relationships of superiority/subordination or makes unrealistic promises – do not do what they are asking. Please also talk to friends and relatives so that they are not scammed by someone assuming your identity.
5. CONTACT
If you have any questions, please contact us at:
Autodoc AG
Josef-Orlopp-Straße 55
10365 Berlin
Fax: 030 208 478 250
Email: privacy-policy@autodoc.de