Just got this email:
Dear Burning Shed customer
We are sorry to inform you of a security breach here at Burning Shed that has resulted in the unauthorised disclosure of your personal data. We felt it was important to let you know this as soon as we were able to confirm it.
If you have used the same password you used on burningshed.com anywhere else, please change it immediately.
The breach was discovered on Friday 17th April 2020 and is likely to have taken place on the 18th December 2018.
A hacker managed to download a section of our customer database. This consisted of some email addresses, plus the encrypted passwords for those email addresses. Our IT experts do not believe that postal addresses or any other information was accessed. However, we know that the hackers did decrypt some of the account passwords, including yours.
We can however guarantee that no payment information of any kind was compromised as part of this breach. We do not hold any of your credit card or PayPal details on our database. They have not been compromised. You do NOT need to cancel your credit card or PayPal account.
We have taken the following steps to mitigate any adverse effects:
1) On Friday 17th April we engaged a top expert who specialises in data security and they are fixing the problem that caused this breach
2) Together with the security expert we have carried out a full security review and made changes to the website to secure your data for the future. This will include strengthening the way passwords are encrypted, moving all data to a new host (as a precaution)
3) We have taken the Burning Shed site offline for maintenance in order to complete the security updates. This means that we will not be taking any orders for approximately 48 hours as of today and you will need to change your password when this is complete.
4) When the website re-opens all account passwords will be re-set and we will tell you how to log in so that you can change your password to something new. Please do not re-use your old password.
Once this immediate work is completed and the site is brought back up, Burning Shed will be conducting significant additional follow-up work to ensure the system remains secure in the long-term.
Once again, we are very sorry that this has happened. We informed the Information Commissioner's Office on the 20th of April 2020 and will comply with whatever recommendations they might make.
We hope that this will not stop you from continuing to support us and the artists/labels we work with.
Yours sincerely
Pete Morgan
Director
Burning Shed Limited
Unit B, Yarefield Park
Old Hall Road
Norwich NR4 6FF
__________________
telephone: 01603 767726
burningshed.com
Dear Burning Shed customer
We are sorry to inform you of a security breach here at Burning Shed that has resulted in the unauthorised disclosure of your personal data. We felt it was important to let you know this as soon as we were able to confirm it.
If you have used the same password you used on burningshed.com anywhere else, please change it immediately.
The breach was discovered on Friday 17th April 2020 and is likely to have taken place on the 18th December 2018.
A hacker managed to download a section of our customer database. This consisted of some email addresses, plus the encrypted passwords for those email addresses. Our IT experts do not believe that postal addresses or any other information was accessed. However, we know that the hackers did decrypt some of the account passwords, including yours.
We can however guarantee that no payment information of any kind was compromised as part of this breach. We do not hold any of your credit card or PayPal details on our database. They have not been compromised. You do NOT need to cancel your credit card or PayPal account.
We have taken the following steps to mitigate any adverse effects:
1) On Friday 17th April we engaged a top expert who specialises in data security and they are fixing the problem that caused this breach
2) Together with the security expert we have carried out a full security review and made changes to the website to secure your data for the future. This will include strengthening the way passwords are encrypted, moving all data to a new host (as a precaution)
3) We have taken the Burning Shed site offline for maintenance in order to complete the security updates. This means that we will not be taking any orders for approximately 48 hours as of today and you will need to change your password when this is complete.
4) When the website re-opens all account passwords will be re-set and we will tell you how to log in so that you can change your password to something new. Please do not re-use your old password.
Once this immediate work is completed and the site is brought back up, Burning Shed will be conducting significant additional follow-up work to ensure the system remains secure in the long-term.
Once again, we are very sorry that this has happened. We informed the Information Commissioner's Office on the 20th of April 2020 and will comply with whatever recommendations they might make.
We hope that this will not stop you from continuing to support us and the artists/labels we work with.
Yours sincerely
Pete Morgan
Director
Burning Shed Limited
Unit B, Yarefield Park
Old Hall Road
Norwich NR4 6FF
__________________
telephone: 01603 767726
burningshed.com