Just got an email in the inbox saying that Qdos had a security incident and to register with Experian IdentityWorks to claim a free 1yr identity monitoring. Not tried it yet and also google returns nothing regarding this, anyone got anything similar or is this some very believable scam?
-
-
Yes, I just came here to post the same. The links in the email are all to a 9rr8.mjt.lu domain, which looks dodgy but there's very little online to verify them. I'm inclined to think it's a scam, but a targeted one?
But if it isn't a scam, then my major worry is it looks like any business contracts that were sent to QDOS have potentially been stolen, meaning we may have to notify our affected clients as this is confidential information...
I'll probably contact QDOS about this by phone. -
I called QDOS and unfortunately it is legit, so it looks like they have had a data breach. I mentioned the dodgy-looking links in the email and they said they'll look into it; they have quite a few calls today !
I'll quote from the email:
How has my data been impacted?
Please note that Qdos does not collect or store credit card information or other identification documents such as passports or drivers’ licences for customers. Any information provided with respect to claims against insurance policies has also not been impacted.
We can’t confirm exactly what data or documents were accessed or downloaded for customers individually, but it is possible that the following data relating to you may have been impacted:- Documents relating to insurance policies, e.g. policy schedules;
- Documents relating to IR35 services, e.g. contracts, contract reviews or IR35 calculations;
- Documents relating to purchases e.g. invoices and credit notes; and
- Personal data from your customer account, e.g. name, correspondence address (or registered business address), email address and contact number.
Comment
-
---
Former member of IPSE.
---
Many a mickle makes a muckle.
---Comment
-
Hi, DSC, we can confirm that this is a legitimate email from Qdos regarding a recent security incident. We have set-up a dedicated call centre to handle any questions or queries in relation to the incident - the team can be reached on 0116 497 1281. They can also answer any questions you may have regarding the monitoring service provided by Experian, which we are offering to all affected customers free of charge for additional peace of mind. We’re committed to providing customers with any support and assistance we can.Originally posted by dsc View PostQdos Contractor - IR35 expertsComment
-
I wonder if any of the data will end up in the hands of HMRC.
Comment
-
Received this also and not used their services for years. Maybe some DB pruning is required. Shouldn't really be holding any information of old customers for so long. Data protection breach.
Comment
-
.lu is the country code for Luxembourg.Originally posted by Durwin View Post
mjt.lu is apparently Mailjet. So, I assume that this is similar to Mailchimp etc., and that website will redirect you to the real website. Presumably it has a unique ID embedded in the link which they can cross-reference against the recipient (to know who's clicking the link). That might be justifiable if it was an advertising campaign, but I'd agree with your initial reaction that it seems pretty dodgy when they're confessing to a data breach.Comment
-
I haven't received an e-mail and I last renewed a policy in 2021 (i.e. haven't been a customer since 2022). I was hoping that meant they had pruned my data. Now I'm not so sure.Originally posted by SuperZ View PostComment
-
We can confirm that the emails from Qdos regarding a recent security incident – including the links within them - are legitimate. Given the importance of this communication, we engaged third-party experts, Experian, to support us with issuing notifications. To facilitate this, the emails were distributed using Mailjet, a commonly used email delivery platform. All links within these emails use the domain format .mjt.lu and are uniquely generated for each recipient to allow for secure and appropriate tracking.
We remain committed to supporting and assisting our customers during this time. If you have any further queries or concerns please contact our dedicated call centre on 0116 497 1281Qdos Contractor - IR35 expertsComment
Comment