Anyone else got an email from TV Licensing today, about a security incident with their website?
Looks like some data input into their website between 29th August and 5th September, including some bank details, may have been unencrypted, and so susceptible to intercept. See below:
We take the security of your data very seriously. That’s why it’s our normal practice that when you make payments or send us financial or other personal details through our website, the data is encrypted to keep it safe.
While there is no evidence that our website has been subject to any sort of attack or that the security of your data has been compromised, we recently discovered that for a limited period – from 29th August until 5th September 2018 – some transactions carried out on the website were not as secure as they should have been.
As soon as we discovered this issue – which was introduced inadvertently during a routine upgrade of the site – we took the website offline and fixed it.
We believe the risk of anyone else having seen information sent through to our website during that period is low, but because we take a very cautious approach and believe you may have used the website during this period, we want to tell you what happened and what we recommend you do as a precaution.
We know that during this short period, transactions using credit or debit cards were still encrypted. However, where people have submitted personal data such as their name and address, or where they gave us bank details (a sort code and account number) – for example while setting up or amending a direct debit – in some cases this information was not encrypted when it was transmitted between your computer and us.
The chances of anyone having accessed information, even if it was not encrypted, are very small because it would involve them intercepting your communications with the website – similar to tapping a phone call. This is very unlikely to have happened and we have found no evidence of data being accessed like this.
Nevertheless, if you sent us bank details during this period, particularly if you used an internet connection you don’t trust, as a precaution we’d suggest that you check your bank account to ensure there are no transactions you haven’t authorised, and check that your direct debits haven’t been amended in any way. If you detect any suspicious activity on your account, please contact your bank or building society urgently.
We’re really sorry this happened, but want to assure you that the risk to you is low and we’ve taken action to ensure it doesn’t happen again.
If you have any further questions, then please call us on: 0300 790 6035.