Potential data breach management

Notification date: 1031 BST, April 29, 2019

We are sorry to inform you of a potential breach of security that may have resulted in the unauthorised disclosure of your login details to our websites, as follows:

Background to the breach:
One of our service providers stored your login details for your website account on their server.  While this server was not publicly listed, there was an open server port which made your information vulnerable for a short period this year.

Details of the breach:
The login details contain the following pieces of information: Your name, email address and your password for our websites in an encrypted form. No other information or data has been involved and no one has access to any other personal data from this potential breach.

Steps taken to mitigate risk:
We have taken the following steps to mitigate any adverse effects of the breach.  Our partners have removed the information from that server and have undertaken a full audit and introduced additional steps to ensure your data is not accessible. We have reset all passwords and you will be asked to enter new login details when you next login to our sites.

Notification of breach:
Whilst we believe that the data breach does not meet the threshold to be reported, as a responsible business we have informed the Information Commissioner’s Office of the breach on 26th April.

Your data:
Incisive Media take data security and protection very seriously and we recommend you don’t reuse passwords for different accounts, in case you have, we recommend you change your password on those other accounts too. More information on use of your data and your rights can be found here.

You can obtain more information about the breach from:

Emma Scheck
GDPR Project Manager

[email protected]