AnyVan, a provider of delivery, transport and removal services in Europe, said it has fallen victim to a data breach involving theft of customer data.
According to an email to impacted customers, the data breach was discovered on New Year’s Eve.
“This leaking of data came to our attention on the 31st December but we understand the incident itself occurred at the end of September,” AnyVan said. “As soon as the incident came to our attention, our specialist IT team investigated it and have since taken the following remedial action: all passwords have been changed.”
The stolen data was up for sale in mid-December on an underground forum as part of a trove of 386.8 million user records from 26 companies, including AnyVan. As reported by BleepingComputer, the exfiltrated data from Anyvan.com included 4.1 million user records.
While the company did not say how many customers were affected, it did mention that the perpetrators accessed full names, emails and hashed passwords.
What should AnyVan Customers do? The notification letter offered no measures besides regularly changing account passwords.
In a statement to technology news website The Register, AnyVan explained why they did not contact the Information Commissioner’s Office (ICO) regarding the security incident, emphasizing the “low risk” and nature of exposure data.
“However, any matter involving customer data and privacy is taken extremely seriously and as such we have conducted a thorough review, engaged with third-party technical consultants, put additional security measures in place, and of course notified potentially affected customers,” the statement reads.
Although the leaked data may seem meaningless at first, cyber-crooks may still use the information in phishing campaigns in an attempt to gather financial data.
Users should closely monitor their Inboxes for unsolicited emails and report any suspicious activity or requests for additional personal information from individuals claiming to be AnyVan representatives immediately.
Were you a victim of a data breach? Time to find out with Bitdefender’s Digital Identity Protection tool.