Vendor Ransomware Incident Notification

As a vendor of the Big Issue Group (BIG), we need to make you aware of a ransomware incident that BIG became a victim of in late March 2024.

Upon discovery of the incident, we immediately engaged third-party cyber security experts and took steps to contain the incident and recover our systems. Since then, we have, along with our third-party advisers, been taking steps to understand the wider impact of this incident, including undertaking a complex IT investigation.

We also notified regulators, including the UK Information Commissioner’s Office, and law enforcement, of the incident.

Our investigation into the incident is in its final stages and unfortunately, we have determined that some of your personal data has been impacted as a vendor of BIG. We understand this may cause concern and we are sorry for this.

This notice includes important information regarding your personal data, the support we are offering and what you can do.

What this means for you

Our investigation identified that the following personal data relating to you may have been impacted:

  • Personal information including your name, home address, email (business and / or personal), telephone number.
  • Bank account details (account number and sort code) that you provided to receive payments during COVID-19.
  • Documents relating to your identity which may include a scan of either your passport or drivers’ licence and/or your National Insurance number.
  • Any specific documents you may have provided us with in the course of assisting you with individual queries or issues.

We hold this information as part of the ID check for you to become a vendor and in order to contact you to make support payments (for example during the COVID pandemic), and where you may have requested that our local offices and workers help you with specific issues.

The support we are providing

We would like to offer you 12 months of credit and identity monitoring services, provided by Experian’s “Identity Plus” service, a leader in this field. The monitoring service will alert you to any changes to your credit report (including if any applications were to be made in your name) as well as if your information is found online. You will find more details about accessing this service below.

What you can do

In addition, we understand that you may want to take additional steps to stay protected. Working with our external IT experts, we have set out below some steps that you can take in light of this incident to protect yourself and stay safe online. Best practice steps you can take include:

  • Monitor your accounts: Keep an eye on your bank and other online accounts to monitor for any suspicious activity, such as attempts to log in to internet services. If you see anything unusual, contact your bank immediately and explain that you’ve potentially been the victim of fraud. It’s also advisable to check your credit report to ensure credit isn’t taken out in your name. There are three main credit agencies that can enable you to do this in the UK; these are Call Credit (also known as TransUnion), Experian and Equifax.
  • Beware of scams: Be vigilant against any attempt by fraudsters (including those claiming to be related to The Big Issue Group and/or any of its group companies) who are attempting to contact you over the phone or email asking for personal information. This is known as “phishing” and again, there is a lot of information on how to spot these scams online such as https://www.ncsc.gov.uk/collection/phishing-scams.
  • Report scams: You should report any such attempted scams to the police by calling the Action Fraud National Fraud & Cyber Crime Reporting Centre on 0300 123 2040 or by visiting https://www.actionfraud.police.uk/.
  • Consider password security: While you would not have provided us with any passwords, if you have reused or shared passwords across multiple services and devices, particularly if such passwords contained your date of birth or similar details to help you remember them, you may wish to consider implementing more secure passwords. There is a lot of helpful information online on how to set up strong passwords such as https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/use-a-strong-and-separate-password-for-email

Next steps

We take IT security and privacy matters incredibly seriously and, again, we are sorry for any concern caused. Whilst no organisation can guarantee absolute security given the ever-present cyber security challenge we all face – recent news stories demonstrate the size and scale of this issue – we, along with third-party experts, have undertaken an exhaustive IT investigation in respect of this incident, and we will continue to review the security processes we have in place on an ongoing basis.

If you have further questions relating to the matters set out in this letter, the support we are offering and to access your Experian code, please contact us on 0115 804 9599* as soon as possible.

Yours sincerely,

Keren Segal

Group Chief Operating Officer

*Charges for calling 03 numbers are the same as for calls made to standard UK landline phone numbers starting 01 or 02.

If your landline or mobile phone package means you can call an 01 or 02 number as part of ‘free’ inclusive minutes, the same will apply to calling our 03 numbers.