British retail institution Fortnum & Masons latest victim of major customer data hack

British retail institution Fortnum and Masons has been the latest victim of a major data hack, it has been revealed today.

The personal information of some 23,000 customers is left at stake, exposed through a partnership the company had established with survey company Typeform for its food and drink awards.

Specifically, those who voted through Typeform in the store’s TV Personality of the Year category could have had their details hacked. This includes their name, email and home addresses, and social media handles.

A statement from Fortnum and Masons read:

At 17.26pm on Friday 29 June, Typeform, a company that provides services that we have used in the past to collect survey responses and voting preferences, notified us that they had suffered a data breach and unfortunately some of our data had been compromised.

The data of approximately 23,000 competition and survey participants who inputted into a Typeform form has been involved in this breach. For the majority of people, only the email address has been exposed. For a smaller proportion of customers, other data such as address, contact number and social handle has been included. These forms did not request bank or payment details, or require passwords.
No financial data has been accessed as a result of the hack, and Fortnum and Masons’ website and database remains unaffected.

The retailer has now dissolved any ties with Typeform, taking down all forms powered by the tech company until their security measures have been improved. Fortnum and Masons added that the root cause identified by Typeform as the hackers’ window has now been fixed, with forensic investigations ongoing.

It is understood that other companies may have been affected by the Typeform hack, whose clients include Nike, Uber, Apple and Airbnb. Digital bank Monzo said that around 20,000 of its users have been affected, but that all financial information has been kept safe.

The majority of these were email address leaks (19,213 customers), with the next biggest leak being the postcode and name of a user’s old bank (1,600).

The news comes just days after ticketing site Ticketmaster suffered a similar data breach at the hands of its third-party customer service site Inbenta. Monzo users were also affected by the hack, which occurred in April, forcing the bank to re-issue over 6,000 new customer debit cards.