Cashback reward program platform, ShopBack, has issued a notice of an unauthorised access to its systems which contained customers’ personal data. Although its services are still operating as usual, they are informing all customers and taking additional measures to protect its users.
According to the email notice sent by Shopback, the unauthorised access has been removed and are still confirming which data has been compromised. They have also engaged cyber security specialists to assess the extent of the incident and to further enhance the platform’s security measures.
What should ShopBack users do?
According to ShopBack, account passwords are protected by encryption but they encourage its users to reset their passwords through this link. For an extra layer of security, they recommend adding your mobile number if you haven’t already.
On top of that, ShopBack also warns against using the same password on other digital platforms. It’s worth highlighting that one of the best practices is to use unique passwords for different platforms. You can use a password manager to handle this for you.
ShopBack also reminds users to be vigilant about possible scams and phishing via emails. If you received a suspicious email, you are advised not to click or to respond, and to report it on your email platform.
What is at risk?
At the moment, ShopBack has no reason to believe that any personal data has been misused, but the possibility still exists. ShopBack assures that your cashback reward is safe and passwords are encrypted.
According to the platform, they have collected customers’ email, name, contact information, gender, date of birth and bank account numbers which are used for cash out purposes. While bank account numbers do not pose a security risk, ShopBack warns that it could be used for potential phishing attacks.
ShopBack assures that the incident has not affected its users’ cashback balances and shoppers may continue to access their ShopBack accounts to earn cashback rewards. The platform apologises for the incident and they are committed to take all steps necessary to minimise the risk of a similar incident from happening again in the future. ShopBack has informed all customers about the incident including the Personal Data Protection Commissioner.
To learn more, you can read the full FAQ.
Thanks @khainiz94 for the tip!