Wemoto got hacked

I got the following message from their parent company a few days ago, it says only the email address, first name and last name were compromised:

"Dear Customer,

At Worlds End Motorcycles Ltd, we respect the privacy of your personal data, which is why we are writing to let you know about a data security incident that potentially involves some of your personal data. This does not include any card or payment information as we never store these details.

On Dec 10th, 2021, we were made aware of a potential breach of the data that we hold with our service provider. The data accessed may have included the following types of personal information:

• Email address, first and last name

We deeply regret that this incident occurred. We are fully investigating the issue with our Service Provider to ensure that no such breach can occur in the future.

We have implemented additional security measures designed to prevent future attacks and to protect your personal information and the privacy of our customers. You do not need to take any action following this email.

Sincerely
The Worlds End Group

Wemoto and WMD-Online are trading names of the Worlds End Group

Company Reg. Nº 02592280 / VAT Nº 62 58149 28
This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of the Worlds End Group. However, Worlds End Group reserves the right to use any information in this email and its attachment for training or legal purposes. If you are not the intended recipient of this email, you must neither take any action based upon its contents nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error.
Copyright © 2021 Worlds End Group, All rights reserved.
You are receiving this email as you have previously placed an order with us and provided your email address."

Unfortunate, but oh so common nowadays.

Their announcement doesn’t say if they’ve reported the incident to the ICO or not. They are legally obliged to do so. Looks like they’re not meeting other obligations either, such as providing contact details for more information.

TIL what the WE of Wemoto stands for

No email for me. Maybe coz I’ve not bought from them in the last couple of years??

I always thought it as We’Moto like toys’r’us

I’d wager they had to be honest. As this is out there if it is found they had not reported it the ICO would almost now certainly find out and take them to the cleaners.

This being said, if all that got out was your 1st and 2nd name and email address. All of that is readily available anyway so I suspect the ICO will just offer guidance and not much more.

I’ve bought from them 6 months ago, haven’t received an email either. I also have a registered account with them. In addition to the name and email, you can save in your account the delivery address and phone number. I wonder why those were not compromised.

Maybe only part of their database was compromised and they are only contacting the ones affected.

I told 6 mates. All have used them but none notified.

If it only includes name and email address then maybe it was just a newsletter database that was compromised, and which may be why only certain customers are affected?

I got the email, but dont get the newsletter.

I don’t know how these work, could they have only lost half a list?

Oh well, just a thought!

But yes, if the hack was detected while the data was being downloaded then the connection could be cut so it is possible they could only have part of the list.

Umm, you know computers are faster than humans, right?

Depending on the speed of the connection and the size of the data you can very easy interrupt a download midway through.

And also whatever rules the firewall may have. It was intentional that I never said that someone detected the hack. Not my firewall, but I have had a situation before where midway through something it triggered a rule and locked me out.