Fortnum & Mason data breach: 23,000 customers' details accessed

‘No-one’s bank details or passwords have been involved, and money and accounts are safe,’ says Queen’s grocer

Ben Chapman
Monday 02 July 2018 13:09
comments
The 310-year-old grocer fell victim to a hack affecting a company that created a form for its website
The 310-year-old grocer fell victim to a hack affecting a company that created a form for its website

The data of thousands of Fortnum & Mason customers, including addresses and contact phone numbers, has been accessed after a breach on a form on its website.

The 310-year-old food shop, known as the “Queen’s grocer”, has become the latest company to fall victim to an attack.

About 23,000 people who filled out a survey or took part in an online competition have been affected, Fortnum & Mason said.

The poll had been organised by Typeform, a company specialising in creating surveys and forms. Typeform discovered on 27 June that an unknown third party had accessed its server and downloaded information. “We responded immediately and fixed the source of the breach,” the company said.

For the majority of people affected, only an email address was accessed, Fortnum & Mason said, but for a “smaller proportion” other data such as address, contact number and social handle was included.

The company added: “No one’s bank details or passwords have been involved, and money and accounts are safe.”

All those affected have been contacted and there has been no breach of Fortnum & Mason’s own website or database.

“We have disabled any and all Typeform forms existing on our website and will not work with Typeform until we are assured that; there is no further risk, that all our data has been removed from their servers and that their security measures have been improved,” the department store said.

“We have been informed that Typeform have fixed the root cause and are undertaking forensic investigations.”

Typeform provides services to a number of organisations including Apple and Airbnb.

In Australia, the electoral commission for state of Tasmania was also hit by the breach.

The names, addresses, emails and dates of birth of voters who applied for an email or fax express vote may have been accessed, the commission warned.

News of the attack broke just days after Ticketmaster revealed it had been hacked.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

View comments