Workplace pension provider Now:Pensions was hit by a data breach that affected about 30,000 customers who signed up for the pension products.
The leak involved not just the names of the customers but their email addresses, postal, birth dates, and National Insurance numbers. It appeared that these sensitive pieces of information were leaked in a public forum online, causing panic over fraudulent activities.
Now:Pensions emailed affected customers and warned them about the incident and the information leaked. The company clarified that only 2 percent of its customer base was affected by the data breach incident.
According to the company, the incident happened between December 11 and 14, with a third-party accessing and obtaining the customer’s data. The outside contractor is said to be the culprit, and Now:Pensions has not apologized yet.
“The data was visible only to users of that forum for a short time and was copied by a small number of unknown parties. We reported this incident to the pensions regulator and the Information Commissioner’s Office,” said chief executive Patrick Luthi.
The UK pension firm said it has taken immediate actions regarding the incident and is taking the matter seriously. Protecting the customers’ personal data is taken seriously and they are working with cybersecurity companies to handle and investigate further on the issue.
Meanwhile, some customers are reporting random calls purporting from a mobile phone provider and warning about a problem. The Guardian reports that one of the people affected said a call mentioned the National Insurance number, which is a problem in itself.
“It was obviously a scam but it appeared to be based on the fact that my details got into the wrong hands, as they mentioned my National Insurance number. This doesn’t bode well for the future, and I’m not very happy about this,” said the unnamed customer in London.
Due to the growing concern and scope of the data breach incident, Now:Pensions offered affected customers free one-year access to the Experian Identity Plus. This alerts customers of possible fraudulent activities in a person’s name.
The pension provider added that customers must be extra vigilant in opening or accessing emails they receive. “Don’t give any personal or financial information to anyone or any organization unless you’re certain they’re genuine,” said Now:Pensions.
The UK pension company also said it will review staff training and claimed the person responsible for the breach no longer has access to the user data.