I got the following message from their parent company a few days ago, it says only the email address, first name and last name were compromised:
"Dear Customer,
At Worlds End Motorcycles Ltd, we respect the privacy of your personal data, which is why we are writing to let you know about a data security incident that potentially involves some of your personal data. This does not include any card or payment information as we never store these details.
On Dec 10th, 2021, we were made aware of a potential breach of the data that we hold with our service provider. The data accessed may have included the following types of personal information:
Email address, first and last name
We deeply regret that this incident occurred. We are fully investigating the issue with our Service Provider to ensure that no such breach can occur in the future.
We have implemented additional security measures designed to prevent future attacks and to protect your personal information and the privacy of our customers. You do not need to take any action following this email.
Sincerely
The Worlds End Group
Wemoto and WMD-Online are trading names of the Worlds End Group
Their announcement doesn’t say if they’ve reported the incident to the ICO or not. They are legally obliged to do so. Looks like they’re not meeting other obligations either, such as providing contact details for more information.
I’d wager they had to be honest. As this is out there if it is found they had not reported it the ICO would almost now certainly find out and take them to the cleaners.
This being said, if all that got out was your 1st and 2nd name and email address. All of that is readily available anyway so I suspect the ICO will just offer guidance and not much more.
I’ve bought from them 6 months ago, haven’t received an email either. I also have a registered account with them. In addition to the name and email, you can save in your account the delivery address and phone number. I wonder why those were not compromised.
If it only includes name and email address then maybe it was just a newsletter database that was compromised, and which may be why only certain customers are affected?
But yes, if the hack was detected while the data was being downloaded then the connection could be cut so it is possible they could only have part of the list.
Depending on the speed of the connection and the size of the data you can very easy interrupt a download midway through.
And also whatever rules the firewall may have. It was intentional that I never said that someone detected the hack. Not my firewall, but I have had a situation before where midway through something it triggered a rule and locked me out.