Dear Which?,
I have travel insurance with Saga, which I recently renewed. One evening in January I received an email purporting to be from Saga, telling me to update my payment details. The email included part of my card number.
Instead of responding, I contacted Saga. It confirmed that there had been a data breach of my address and card details along with a ‘small number’ of other customers.
I’ve had to cancel my bank card, but what does this breach mean for me going forward?
Name and location suppliedFaye Lipson, Which? senior researcher, says:We contacted Saga for a comment, and a spokesperson told us it has ‘worked with the police and all relevant authorities to understand what happened and to resolve the incident,’ which it now believes is ‘fully contained’.
It added: ‘We have contacted all the customers affected and advised them on the steps they need to take. Saga does not store any payment card data in our systems, in line with PCI standards, and we have not found any evidence of a breach of our database IT security systems.’
You have also now received a letter from Saga offering £100 in compensation and explaining that two people had been arrested in connection with the incident. You did the right thing by cancelling your card and ordering a new one. Nonetheless, you would be wise to scrutinise your bank statement for any unrecognised payments in January.
A more insidious possibility is that the scammer(s) in possession of your details might use them to convince you that they are from your bank or another trusted body. If you engage, you could be tricked into compromising your own accounts.
That’s why it’s so important to stop and take five minutes when we receive a request for our personal or banking information, even if it sounds plausible or you were expecting a similar request. Think about how to verify what you’ve been told - for example, by calling the number on the back of your card.
The fact that you were already thinking in this way when the Saga scammers emailed you stands you in good stead for any future scam attempts.
Find out more:
source https://www.which.co.uk/news/article/scamwatch-fraudsters-targeted-me-after-my-insurer-suffered-a-data-breach-aEr9U1v9Uuyn