Sodexo food services and facilities management company notified a number of customers that it was the victim of a targeted attack on its cinema vouchers platform Sodexo Filmology.
Sodexo food services and facilities management company notified a number of customers that it was the victim of a targeted attack on its cinema vouchers platform, Filmology and it is urging them to cancel their credit cards.
The service rewards UK employee via discounted cinema tickets, the website was taken down in response to the incident “to eliminate any further potential risk” to consumers and to protect their data.
Sodexo Filmology reported the incident to the Information Commissioner’s Office and hired a specialist forensic investigation team.
“We would advise all employees who have used the site between 19th March-3rd April to cancel their payment cards and check their payment card statements,” reads the data breach notification issued by Sodexo Filmology.
“These incidents have been caused by a targeted attack on the system we use to host our Cinema Benefits platform, despite having put in place a number of preventative measures with CREST-approved security specialists.”
“We sincerely apologise for any inconvenience this has caused you and are doing all that we can to provide access to your benefits via alternative means. We will share more information on this with you, or your provider, in the coming days.”
Making a rapid search online, we can verify that the attack has been going on for several months, several employees reported fraudulent activities on the Money Saving Expert forum in February.
“After speaking to Filmology to ask exactly what had happened, I was informed that my bank details were stolen from the payment page and that the incident has been reported to the ICO. The hack on the payment page was carried out over 2 months and involved many accounts.” wrote the user Chris.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.