The HomeOwners Alliance have been reassuring the members of their mail list throughout this week following a cyber criminal hack to their Mailchimp newsletter distribution list.
Instead of receiving their usual newsletter communication, the recipients were sent an unexpected invoice asking for a payment of £285 from the hackers.
Although the system was hacked, and some email details were stolen, the HomeOwners Alliance were clear that any financial or sensitive information was not kept on the compromised platform.
Paula Higgins, chief executive of the HomeOwners Alliance, commented: “Please ignore and delete the previous email from us.
“We are investigating with Mailchimp what has happened.
“Please be reassured that we do not keep any member or user payment details on Mailchimp, only email addresses.
“We are working as hard and quickly as possible to resolve this situation and will update you as soon as this is rectified.”
A HomeOwners Alliance spokesperson said: “We worked as quickly as possible to secure the Mailchimp account and alert users via email, Facebook and Twitter.
“That response asked our newsletter subscribers to ignore and delete the spam email.
“First of all we would like to say thank you to all our newsletter subscribers for being so understanding and supportive.
“We are a small business and pride ourselves on putting our customers first so are horrified this has happened. We take the upmost care with people’s data.
“Our Mailchimp database holds only newsletter subscriber’s email addresses. No further personal information or bank details are held. And our member details are held in a separate system so are not affected.
“Mailchimp is a reputable newsletter email distribution software with numerous security features which act to keep our newsletter list safe.
“We are still investigating but currently we know that the email sent was spam and included a link to a file which contains Windows based malware.
“It is unclear how spammers managed to gain access to our Mailchimp account at this time but we have immediately strengthened security around the account in response.
“This was a professional attempt at deception. The perpetrators uploaded over 5,000 email addresses who were not HomeOwners Alliance subscribers.
“Our newsletter list is a GDPR compliant list based on consent. So if you suspect you are one of those 5,000 because you are not one of our subscribers, you should review your own email account security.
“We have immediately deleted all 5,000 newly uploaded emails from our list.”
Whilst many organisations, businesses and firms will strive to protect the sensitive data held, it is important not to overlook the social media type platforms that could be easily corrupted, causing reputational damage.
