We're not Mr Brightside: Asda Car Insurance broker hacked

No customer data was exposed after the firm behind Asda Car Insurance was hacked, said the broker as it explained why the ACI website went offline earlier this week. Reg reader and Asda Car Insurance customer Arthur forwarded us a notice he received from Brightside Group, who provide white label insurance products for Asda and …

  1. Anonymous Coward

    Default Comment

    Your information has not been exposed.

    In Reality:

    We have no idea what happened, but I doubt they were here to steal the lunch rota.

    1. Phil W

      Re: Default Comment

      Quite. It's annoying when they say this so early on, they can't possibly know the impact or scale of the breach so soon.

      I'm not a customer of any of their sites but if I were in the event of breach I would be happier to be told "At this time we are confident that no customer data was accessed, but are performing a thorough investigation to verify this. We will inform you if any of your data is affected." than to be told my data isn't affected initially and then told it is later.

      1. Anonymous Bullard
        Holmes

        Re: Default Comment

        There was no evidence of it in the log files, which were empty.

      2. John Tserkezis

        Re: Default Comment

        "Quite. It's annoying when they say this so early on, they can't possibly know the impact or scale of the breach so soon."

        Coming "clean" so soon is better for business in the long run than the alternative: Don't say a damn thing, and wait for someone else to report credit card records and other personal information were stolen.

        But if you think that no-one will ever find out, then the second 'don't say a damn thing' response is the preferred.

        It's all about damage control, that is, *theirs*, they don't actually care about end users unless those end users find out.

  2. Anonymous Coward

    also applies to E-Car, E-Bike etc

    I got the same email from them.

  3. Anonymous Coward

    Flybe

    At least ACI have come clean.

    I'm convinced Flybe has been breached recently as I've started receiving some spam (not a lot - yet) to an address I only use with them. They don't publish a straightforward customer services email address so I've sent an email to both their tech support AND Data Protection ones, and have so far heard bugger all back. So either they're keeping stumm, are too clueless to know, or quite possibly no-one actually monitors those mailboxes!

    1. VinceH

      Re: Flybe

      "I'm convinced Flybe has been breached recently as I've started receiving some spam (not a lot - yet) to an address I only use with them."

      Was that address of the form flybe@domainname ?

      I used to adopt addresses like that when handing them out to companies, websites, etc - but I'm not sure they're a valid way to monitor and control an address. I think some spammers may be trying common company names @knowndomainnames in order to get their crud to people like us.

      I now generate a unique 7 - 10 character string to go before the @, with certain (undisclosed) characteristics so I can recognise if it's an email I genuinely gave out, and check my records to see who to.

      I think using this approach (for now at least) I'm less likely to falsely accuse CompanyXYZ of letting my email address out of the bag when, in fact, it was just pure bad luck that a spammer chose their name @ the domain I use for this.
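
An added example, not part of VinceH's comment or the original thread: one way to build per-recipient local parts that can be told apart from guessed ones such as `flybe@...`. The keyed HMAC check, the 5+4 character layout, and the names `make_alias`, `is_genuine` and `classify` are assumptions for illustration; the commenter's actual characteristics are undisclosed.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Dict, Optional

NONCE_LEN = 5  # random part
TAG_LEN = 4    # keyed check part; 9 characters in total (within 7-10)
ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"  # lower-case base32


def tag_for(key: bytes, nonce: str) -> str:
    """First TAG_LEN base32 characters of HMAC-SHA256(key, nonce)."""
    digest = hmac.new(key, nonce.encode("ascii"), hashlib.sha256).digest()
    return base64.b32encode(digest).decode("ascii").lower()[:TAG_LEN]


def make_alias(key: bytes, nonce: Optional[str] = None) -> str:
    """Return a new local part: random nonce followed by its keyed tag."""
    if nonce is None:
        nonce = "".join(secrets.choice(ALPHABET) for _ in range(NONCE_LEN))
    return nonce + tag_for(key, nonce)


def is_genuine(key: bytes, local_part: str) -> bool:
    """True only if the local part carries a tag made with our key."""
    local_part = local_part.lower()
    if len(local_part) != NONCE_LEN + TAG_LEN:
        return False
    nonce, tag = local_part[:NONCE_LEN], local_part[NONCE_LEN:]
    if any(c not in ALPHABET for c in nonce):
        return False
    # Constant-time comparison of the presented and recomputed tags.
    return hmac.compare_digest(tag.encode("utf-8"), tag_for(key, nonce).encode("ascii"))


def classify(key: bytes, records: Dict[str, str], address: str) -> str:
    """Map an inbound recipient address to who it was given to, if anyone."""
    local = address.split("@", 1)[0].lower()
    if not is_genuine(key, local):
        return "guessed"      # never issued: dictionary or name@domain spam
    return records.get(local, "unrecorded")


if __name__ == "__main__":
    key = b"constructed-demo-key"              # constructed sample secret
    alias = make_alias(key)
    records = {alias: "Flybe"}                 # constructed sample record
    print(classify(key, records, alias + "@example.org"))   # Flybe
    print(classify(key, records, "flybe@example.org"))      # guessed
```

Mail arriving at a genuine alias points at the recipient it was issued to, while mail to a guessed address says nothing about any company.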

  4. A Non e-mouse Silver badge

    The Brightside Group is confident that the integrity of its network and system remains secure and compliant

    Er, if your systems are secure and compliant, how did you get hacked? And what have you done to prevent the same thing happening again?

    1. Stretch

      re: A non e-mouse

      Zero Days? Shellshock? Social Engineering? Any of the above.

      I'd ask "Compliant with what, exactly?".

      TBH their response should be contrasted with recent mass-theft of CC data from major retailers, where they lost it, didn't know they lost it, and then didn't admit they lost it when they found out.

      1. VinceH

        Re: re: A non e-mouse

        I'd ask "Compliant with what, exactly?"

        All that was deemed necessary in 1996.

      2. MLT

        Re: re: A non e-mouse

        time-based SQL injection

  5. Neil Barnes Silver badge
    Headmaster

    ...which you are or have been a valued customer of.

    If they can't manage the grammar of English, should we trust their code?

    1. Anonymous Coward
      Coat

      Re: ...which you are or have been a valued customer of.

      Where's my red pen.

    2. Hatters

      Re: ...which you are or have been a valued customer of.

      Grammatically speaking, we don't manage the grammar of English. We manage our use of English Grammar. :)

      1. Neil Barnes Silver badge

        Re: ...which you are or have been a valued customer of.

        Yes, I *should* have said 'manage the grammatical constructs of' but I changed my mind half way and forgot to change it.

        I think there's a rule about that, when you make a grammar post!

  6. Mark Jan

    ...which you are or have been a valued customer of.

    I've never been a customer but did request a quote once upon a time. If they don't know their customers from their never been customers, how can we be sure they know anything really?

  7. Hatters

    Keep calm and change insurers.

    Given that information is held in databases, and records held in tables, it is most likely that the whole schema was exposed, i.e. all tables, all records. I doubt very much exposure was only to a few records. Shellshocked?
