LoqBox Cyber Attack

Slightly corrected mail I sent them:

Dear Sir or Madam!
My LOQBOX reference number is:

Today I got email regarding my personal information leak and I’m very concerned about it. While I’m understand such problem could affect any company I started to evaluate option to close my account in near future. On other side I don’t want to close it immediately because closing it too soon will certainly leave me with negative footprint on my credit history.

From the beginning I was planning to just open another current account using your referral and unlock for free, but honestly I no longer trust your company to give you any more of my banking account information.

So I want to have an option to take my money back without paying that fee in case I actually see any phishing attempts on me. Of course hope this not going to happen and I can actually benefit from having some fully-paid loan on my credit history.

Kind regards,
Arseniy

I also mentioned that I don’t have plan to sue at this moment, but you obviously don’t need it.

While you absolutely can sue them I don’t think that you need to mentioned it really. They promised me free withdrawal without any treats.

It might be more benefitial to send an official looking letter straight away, because if you just ask politely, you’d likely get this:

Hello Andy,

Thank you for your email.

We’re really sorry for the inconvenience this has caused you, but I hope the information below will be helpful.

We are very sorry that this incident has caused you worry and concern. We are not currently offering compensation in respect of this incident. However, please outline the reasons that you believe that you are due compensation in as much detail as possible. We will assess your request and respond in accordance with the time frames set out in your complaints policy.

Hopefully this answers your question but if there is anything further that we might be able to help you with, please be in touch.

Kind regards,

mind you, I have never asked of any compensations, just asked them to get my money back for free cos they lost my personal data.

So now, after this email, I might be more inclined to sue them after all.

The solicitor I spoke to said the following, we need to wait for ICO, then send them this template fill it out send it to LoqBox, then we can begin legal action.Tho LoqBox will do everything they can to stop legal action as they have said on mu complaint.

[Your full address]
[Phone number]
[The date]

[Name and address of the organisation]
[Reference number (if provided within the initial response)]

Dear [Sir or Madam / name of the person you have been in contact with]

Information rights concern
[Your full name and address and any other details such as account number to help identify you]

I am concerned that you have not handled my personal information properly.

[Give details of your concern, explaining clearly and simply what has happened and, where appropriate, the effect it has had on you.]

I understand that before reporting my concern to the Information Commissioner’s Office (ICO) I should give you the chance to deal with it.

If, when I receive your response, I would still like to report my concern to the ICO, I will give them a copy of it to consider.

You can find guidance on your obligations under information rights legislation on the ICO’s website (www.ico.org.uk ) as well as information on their regulatory powers and the action they can take.

Please send a full response within one calendar month. If you cannot respond within that timescale, please tell me when you will be able to respond.

If there is anything you would like to discuss, please contact me on the following number [telephone number].

Yours faithfully
[Signature]

(We need to send this to LoqBox before we can begin to report them to ICO, then take them to a small claims court for the data breach as outlined in https://www.which.co.uk/consumer-rights/advice/my-data-has-been-lost-what-are-my-rights

It gets even wrose, I was speaking to someone about the breach and found this out,

First 4-6 digits outline the type of card. Last 4 may be kept on record to update you on billing errors (“your card ending 3491 is expiring soon, please update” for example). Interestingly for some cards you can figure out digits 7&8 based on the type of bank. Now your down to 4

Still those details will likely be split across different databases or stored in alternate ways. For example: RBS UK debit card = 4751 1700 for the first 8 digits for most people. You don’t need to store the digits for it to be computed

Last digit is a checksum too and card numbers use Luhn algo so, again, you can fairly straightforwardly discount a lot of numbers.

This doesn’t account for CSV or Exp dates (and my experience is purely with UK cards)

• Scoot MrGready

It seems they can work out the debit card details, and many other infoamtion.

Is it easier to make a class action or should we act individually? Because I didn’t like their response even a little bit and I’m ready for action.

I think, if we was to sue them all together it would be the end of LoqBox. But individual cases could end LoqBox too.

LoqBox,

Outright failed to protect our data, not even change passwords tell us 8 days latter, gotta love GDPR.

ICO will publish its report soon.

I am using https://www.hutcheonlaw.co.uk/claims/data-protection/ no win no fee, they take 35% of the compensation tho.

Fired off my email. Thanks for the advice guys.

I read that when I first started loqbox 9 months ago, if you choose to unlock early, loqbox “pay” the remaining balance of the “loan” so it wont have an effect on your credit report.

Did i read that right? As I cant find that information now.

Its a strange system

LoqBox will the set the Loan as settled, that all you can withdraw the funds anytime.

I’ve decided to try to save the money first and think then. Let’s see if they have any money at all, let alone saving £30.

Hello Andy

You’ve successfully redeemed the savings you’d paid into your LOQBOX so far. We’ll be paying them into your account in the next few days.

We’re sorry to see you go.

We’ve cancelled your recurring LOQBOX payment and closed your online account with us.

Goodbye,

The LOQBOX team

Andy,

Now try and get compensation use https://www.hutcheonlaw.co.uk/claims/data-protection/, no win no fee if you win they take 35%.

@davidbrockway thanks mate, I’ll read this first thing in the morning

No problem, 30% example £2500, 30% is £750 small price to pay but you get compensation.

They claim they have bank level encryption which is clearly a lie. They emailed me at 5pm on the 29th Feb. Which is 9 days after the cyber attack

Personally I hope they go under. So I hope everyone gets their money out beforehand or they will probably end up losing it

Having bank level encryption does not mean you cannot be hacked, it’s better to wait for the ICO report and that should detail more about how they were hacked and the entry point.

As for debit cards I would advise asking for new cards to be issued, in theory you need the CV2 number to use the card online and they won’t have the card physically.

It’s better to wait for the ICO report before any private civil action as this could add weight to any private action, especially if the breach was down to something they could have done to prevent this.

They key to any action is the vector used to hack the company and whether the breach could have been prevented. Pretty much anything can be hacked with enough time and effort, if it’s not prevented.

It’s amazing how many people want to sue before any form of official report. It’s almost like they wanted out of their contracts and this is an easy way.

As I recall, the form letters used above do make reference to the fact that no action will take place until the ICO have investigated.

The degree of the breach will also be considered; there’s a lot of different information leaked, which is very poor.

To be fair, if I was with a company that lost this much of my personal information in a breach, I’d want out as well. I can’t blame people for saying “I’ve lost trust in you and can’t go on”.

I have completed the legal paper work, with hutcheonlaw via .pdf, expecting a call Monday to processed with legal action,

Suggest others do the same LoqBox outright failed to protect our data.