PRA LETTER ADMITTING SECURITY BREACH

[Old Cogger]

Has anybody received the letter of breach June  1st 1023 PRA GROUP ?

Edited August 5, 2023 by Old Cogger

[fkofilee]

Can you post it up - Id like to see

 

[fkofilee]

Looks legit maybe

[Old Cogger]

21 minutes ago, fkofilee said:

Looks legit maybe

Reported as genuine

[Old Cogger]

A recent cybersecurity issue associated with MOVEit, a widely-used file transfer system, has impacted a number of organisations worldwide, including PRA Group (UK) Limited (Registered office: Level 11 Riverside House, 2A Southwark Bridge Road London, SE1 9HA) (“PRA”). We are writing to let you know that this issue affected certain of your personal data. We take the confidentiality of your data very seriously and are providing this notice to explain what happened and the actions we have taken. A software vendor named Progress Software recently announced a cybersecurity threat related to its MOVEit Transfer software product. According to Progress Software, unauthorised actors discovered a previously unknown vulnerability in the MOVEit software that could allow unauthorised acquisition of documents being transferred using MOVEit. As soon as we became aware of the issue on June 1, 2023, we launched an investigation to determine the scope of the issue and to identify individuals whose information may have been affected. Based on our ongoing investigation, we believe that an unauthorised actor exploited the MOVEit vulnerability to acquire certain PRA data on PRA’s MOVEit system. You are receiving this notice because we determined that your records are among those that may have been affected. We promptly took steps to contain the issue by disabling the MOVEit system and isolating it from other PRA systems. In addition, after identifying the vulnerability, Progress Software released a security patch, which PRA implemented prior to restoring the software. PRA also engaged a leading cybersecurity expert to conduct a forensic investigation and is coordinating with law enforcement authorities in their investigation. At this time, we have no reason to believe that the issue affected other PRA systems. We continue to monitor for suspicious activity. We regret any inconvenience this may cause you and are alerting you about this issue so you can take steps to help protect your information from potential risks such as exposure to phishing communications. Some protective measures you can take include: (1) monitoring your financial accounts and statements; and (2) being cautious when receiving and acting upon communications, such as emails, calls or texts, from third parties. If your account(s) are being managed by a third party then normally we would communicate with them regarding your account. In this instance, however, if you have any questions about the MOVEit incident please contact us directly. We hope this information is useful to you. If you have any questions regarding this matter, please contact our Data Protection Officer, Daniel Szmurło, at [email protected].

[fkofilee]

"The only reason we have your data is because we bought a debt from another company and as such due to our greed, we put you at risk..."

They should write this off as a matter of course. 

 

You should raise a formal complaint about it

[Old Cogger]

1 hour ago, fkofilee said:

"The only reason we have your data is because we bought a debt from another company and as such due to our greed, we put you at risk..."

They should write this off as a matter of course. 

 

You should raise a formal complaint about it> ?

compensation maybe?

[Old Cogger]

1 hour ago, Old Cogger said:

compensation maybe?

Their letter is typical of  = If you want to response we only put your 1st Name, no reference number A/C No:-  cannot reply to this email address. 

[Old Cogger]

9 hours ago, fkofilee said:

"The only reason we have your data is because we bought a debt from another company and as such due to our greed, we put you at risk..."

They should write this off as a matter of course. 

 

You should raise a formal complaint about it

6/8/2023 = Email sent Complaint and compensation letter.

[fkofilee]

What did you send? 

 

[Old Cogger]

Ico letter  compliant under GDPR and some addendum refers to compensation also quote high court case quoted secondary loss if not material cash lost. So far. 

 

will see what they send back in the next 30 days quoted by ICO, before possible next step.

 

Edited August 6, 2023 by Old Cogger

[Old Cogger]

Response email we will look into this and have 8 weeks under FCA rules for complaints maybe shorter, sent a reply GDPR 30 days as per ICO this matter comes under Breach security.

[Old Cogger]

well PRA fobbed off email says they have done  investigation indicates some of the information was copied in the cyber attack bu an unauthorised third party from files contained in the MOVEit system.   The data likely to have included personal information, such as your name, date of birth and contact details. but does not include debit card information. we assure you that we have acted swiftly and took the necessary actions in regards this breach, we took steps to isolate the problem from our systems as soon as we aware of it, 

bla bla go to FOS if you are not happy. 

 

you must be vigilant now of suspicious activity now .

[kreef]

Yes I have data breach letter 31st July. 

Is there any law firm representing this breach. I have have allot of scam approaches since this breach. 

I'm concerned  

Kreef

[Old Cogger]

None known just a complaint to FOS.,  more the merrier?

[Old Cogger]

Also my score has dropped, and offers gone.