Nearly 100,000 customers with Staysure travel insurance policies should check their card and bank statements now for fraudulent transactions, after a cyber-attack saw card details stolen from the firm.
During the attack, which took place in October, encrypted payment card information, Card Verification Code (CVC) details – the three digits on the back of credit and debit cards – and names and addresses were stolen from 7% of Staysure's customer base (see our ID Fraud Protection guide to protect yourself).
The firm says it immediately removed the software and systems the attackers exploited, and says it is "confident" it has "taken the right steps" to protect customers in future.
The Information Commissioner's Office, an independent body established to protect personal data, is investigating the breach.
We've put together a Q&A below to explain how to know if you're affected, and what to do if you are.
I'm a Staysure customer. How do I know if I'm affected?
Not all Staysure customers have had their data stolen. However, if you bought or renewed travel cover before May 2012 you may be affected.
These customers were notified by Staysure of the breach last month. Staysure says if it hasn't written to you, you will not be among those affected.
However, if you haven't received a letter but are concerned your card has been fraudulently used, report it immediately to your bank or card company.
Customers can also contact Staysure on 0800 007 4540 or 01604 214 575.
I'm a Staysure customer. How do I know if my card's been fraudulently used?
When Staysure notified impacted customers of the breach last month it offered them free use of Data Patrol – an identity monitoring service provided by Experian, which monitors online ID fraud and notifies its users of possible breaches.
But don't just rely on Experian notifying you of potential breaches, check your card or bank statement now for any suspicious transactions going back to October.
My card's been fraudulently used. What should I do?
In this instance you should report the issue to your bank or card company immediately.
A Financial Fraud Action UK spokesperson says: "Our advice to affected consumers is to check their card statements for unfamiliar transactions. If any customer is concerned they may have been impacted by data compromise, they should contact their bank or card company immediately."
What Staysure says
Ryan Howsam, chief executive of Staysure says: "We became aware of the problem on 14 November, and quickly informed the relevant card issuing bodies and subsequently The Financial Conduct Authority, the Information Commissioner's Office and the Police.
"We continue to work with those groups and independent security experts. We immediately removed the software and systems that the attackers exploited, and we are confident that we have taken the right steps to protect our customers in the future.
"We are deeply sorry that this has happened and are working diligently to make sure that inconvenience to customers is minimised."