UK ISP Namesco
, which appears to be slowly phasing out its fixed line broadband packages in favour of a greater focus on webhosting services, confirms that a "small number
" of its customers have been affected after hackers broke into their system
and stole vital personal details including credit card information.
As if that wasn't bad enough the security warning email that Namesco
later issued, which was only sent to "those customers who may have been affected
" and linked to a site that many people didn't recognise (http://t.dadacommunication.com/xxxx
), read so much like a fake phishing email
itself that a number of people initially chose to ignore it.
Most seasoned web surfers have trained themselves to disregard messages that ask for you to change your personal details and start like this: "This email is a genuine security communication from Namesco and contains important information about your credit card details; please do not treat this as SPAM.
Namesco Statement (The Register)
"Asking customers to cancel a payment card and change password was not a decision that was taken lightly, but we felt it critical to give customers the facts. We're obviously very sorry if our email was mistaken as phishing, but we'd expect customers to doubt the contents of any email when the information directly relates to their personal data.
We have already implemented new security enhancements that strengthen our network infrastructure against criminal activity of this nature and remain dedicated to providing a high level of service that puts our customers first."
In fairness Namesco
does appear to have acted quickly, even though its initial warning notice was somewhat botched. The ISP has also notified the Information Commissioners Office
(ICO) of the breach, although they need not worry too much about that as the ICO isn't terribly effective at chasing private firms.