UK INSURANCE FIRM Staysure has admitted that its servers suffered a hacking attack that saw bandits walk away with encrypted payment card details.
The firm said that the theft was discovered last November and could affect any customers that have used its service since the spring of 2012.
The firm notified the police and relevant authorities, and its customers. Both were told around a month after the incident occurred. It gave customers advice and offered some options to ensure that their data remains safe.
"In December 2013 we wrote to a group of our customers to tell them that our systems suffered a cyber attack during the second half of October 2013," wrote CEO Ryan Howsam in a blog post.
"In that attack, encrypted payment card details of customers who purchased insurance from us before May 2012 were stolen, along with CVV details and customer names and addresses. From May 2012 we ceased to store this data."
Around seven percent of the firm's customers might be impacted by this, and Staysure said that it wrote to each of the 93,389 potential victims. It said that it gave them a warning and suggested that they check to see that they have not been defrauded as a result.
Staysure is offering punters credit company Experian's credit monitoring service Data Patrol, and it said that a fraud resolution service is also available via telephone.
"We immediately removed the software and systems that the attackers exploited, and we are confident that we have taken the right steps to protect our customers in the future," it added.
"We are deeply sorry that this has happened and are working diligently to make sure that inconvenience to customers is minimised." µ
Sign up for INQbot – a weekly roundup of the best from the INQ