LoqBox Cyber Attack

I don’t buy it. If they wasn’t smart enough to keep credit card information on separate system (since it’s not ever shown anywhere on website) I doubt they kept password hashes elsewhere.

I wonder if ICO will fine LoqBox?

Potentially yes, under GDPR rules the fine can be pretty big.

I guess it’ll depend on the circumstances behind the breach, what security they had in place, how up to date was their software and security patches. How did the hackers get into their systems etc.

I’d anyone would like to Sue LoqBox they have provided me with their adresss.

LOQBOX, Bridgewater House Finzels Reach, Counterslip, Bristol, England, BS1 6BX

Wouldn’t bother. Just looked at their accounts and any kind of fine will leave them with nothing

If you get in early , you might get a couple of hundred quid out of court settlement :man_shrugging:

Did they specify an amount?

Nope, they said they will get back to with the amount in 20 days, after ICO has run it’s investigation.

1 Like

They obviously wouldn’t pay compensation to everyone affected, wouldn’t they?

Depends if you say you take them to court, by the looks of it DDC FINANCIAL SOLUTIONS will bail them out.

I just asked them about getting my money out for free in case I decide so and got quite straightforward reply:

Hi Arseniy,

Thank you for your email and for taking the time to reach out to us about this. We’re really sorry for the inconvenience this has caused you.

We will happily agree with the option to you to redeem your LOQBOX funds for free to your existing bank account if you choose to continue with it.

Please be assured that we immediately took steps to protect the system and your personal information. We also appointed cyber-security experts to help us find out how it happened and whether our customers were at risk. We have already implemented their suggested actions to further improve the security of the computer system.

We are again extremely sorry that you have been affected by this. If there is anything further that we might be able to help you with please be in touch.

Kind regards

Though I have neither desire nor time to actually go to court against them. As other stated they’ll more likely end up bankrupt if there going to be meaningful compensation and if not then few extra hundreds wouldn’t worth my time.

They told me the 1st 2 digits of my bank account number were exposed along with name address d.o.b, phone number etc. Am furious

@davidbrockway Do you have a template you sent them to get your money back without paying the £30? (Not the ICO one) I imagine if i said i dont want to pay the £30, they would shrug me off so im figuring out how to word it properly.

Thanks

Am I the only one who has never heard of LOQBOX??? :man_shrugging:

Thankfully, by the look of it.

1 Like

No. I’d never heard of it either. I wouldn’t have used it if I had known about it.

Like a lot of online ‘services’ that come and go.

1 Like

Just took a look at the website and I agree, not a service that I would subscribe to either.

Seems to prey on people’s fear about this fictional credit score that seems to influence many in to trying to increase, like it is a computer game and you need the highest score! :man_shrugging:

They should be offering people free CIFAS registration to help protect people from identity theft.

When equifax was hit they lost some of my details and it was something they offered and advised I take up.

I would also suggest setting up a new email address, as you’ll potentially get more phishing emails, I certainly did and still do.

I would also keep a watch on all your credit files to ensure no new credit is taken out. Again after equifax, this was something that I was advised to do.

Guys, thank you for all the advice and the template, I trully appreciate.

As for the password hashes - I’m quite sure they have been stolen as well and if this is the case and they lie to the public about it - we all probably should think of suing them together. Afterall, almost everything that needs to apply for a credit card has been stolen! It isn’t a joke anymore.

For those of you (if any), who has the same password for LoqBox and your email I’d strongly recommend to change the email password immediately.

The ICO would get the independent incident report, and if hashes were stolen and they didn’t say it would look worse.

1 Like

Thanks for the advice! Happily it was N26 and they’re leaving the UK anyway :slight_smile:

Hi Matt,

No just threaten court action to customer support.