UK insurance company Staysure recently began notifying 93,389 of its customers (less than seven percent of its customer base) that their encrypted credit or debit card information was stolen when the company's systems were breached in October of 2013 (h/t SC Magazine).
"In that attack, encrypted payment card details of customers who purchased insurance from us before May 2012 were stolen, along with CVV details and customer names and addresses," Staysure CEO Ryan Howsam wrote in a statement on the company's Web site. "From May 2012 we ceased to store this data."
Following the discovery of the breach on November 14, 2013, Staysure notified the relevant card providers, the Financial Conduct Authority, the Information Commissioner's Office and the police. The company also hired independent forensic data experts to determine the extent of the breach.
"We continue to work with those groups and independent security experts," Howsam added. "We immediately removed the software and systems that the attackers exploited, and we are confident that we have taken the right steps to protect our customers in the future."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
All those affected are being offered free access to Experian's Data Patrol identity monitoring service.