Company warns of possible fake Bettys communication

May 20, 2015 08:32 GMT

Personal information about online customers of Bettys tea rooms and specialty foods is now in the hands of an unknown attacker who breached the company’s web server and accessed the client database.

Founded in 1919, Bettys is well known in the coffee and tea industry for its six high-class Café Tea Rooms locations in Yorkshire, where “Swiss-inspired, Yorkshire-created specialities” are also served.

Passwords stored in an encrypted form

The company did not reveal the total number of impacted individuals, but it notified all its 120,000 online clients of the data breach.

The details available in the database swiped by the hackers may include names, email addresses, postal addresses, passwords and telephone numbers. Bettys says in the official disclosure of the breach that the passwords were stored in an encrypted form.

The Information Commissioner's Office (ICO), the UK’s data protection body, advises businesses to store the salted hashes of passwords, in order to make sure that hackers cannot break them via brute-force attacks. It is unknown whether Bettys followed this procedure or stored the hashes without salting the passwords first.

The company emphasizes that payment card data remains unaffected by the intrusion because this information is stored on a separate system handled by a certified third party.

Risk of phishing and phone scams

However, apart from passwords, all the information pilfered by the attackers can be used against Bettys customers.

With contact and identification details in hand, and knowing where they shop, crooks could cold call them or deliver malicious emails in order to lure them into a scam.

The company is well aware of these practices and has issued a warning to its clients:

“We would also advise you to treat any unsolicited phone or future email communication regarding your personal and financial information claiming to come from Bettys with extreme caution. To be clear, Bettys will never contact you and ask you to share any personal financial information.”

Details about the method used by the hackers to reach the customer database have not been disclosed; the company says only that “an industry-wide software weakness” was at fault.

Bettys recommends that its customers change the login password for their account and make sure that the secret string is not used for accessing other online services.