Just received this email from Catch:
"Hi,
Thank you so much for being a customer of Catch. Our team works really hard to bring you the best online shopping experience in Australia.
Unfortunately, we recently detected some suspicious login attempts involving some Catch customer accounts as a result of our ongoing security monitoring.
As a safety measure we recommend you change your password immediately. You will need to sign out/log out on the Catch mobile app or website and select ‘forgot password’ on the sign in/login screen. We will then send you a link to do this safely and securely.
What happened?
Our investigation indicates that an unauthorised third-party has attempted to access some Catch customer accounts. Your account was one of those logged in during the period, however we are unable to confirm with certainty whether you were simply browsing or shopping online during that period, or whether your login details were being used by that unauthorised third-party.
It is important to note, based on our current investigations, we do not believe the login details used were obtained as a result of a security breach of Catch.
Impacted customers may have had information available in their My Account tab accessed, which could include their name, email address, phone number, physical address, purchase history, related account information, and if saved in their profile, date of birth, gender and partial credit and debit card information. Catch does not hold full credit or debit card numbers. Where customers have saved credit or debit card details in their Catch customer account, these numbers are incomplete.
What actions have we taken?
We have reset your password as a precautionary measure. We do not yet know if your account was accessed but wanted to alert you to the unusual activity so you could take proactive steps to stay safe online.
Catch continues to use fraud detection and monitoring services and we have enhanced the use of these services to protect all Catch customer accounts.
We have also reported this incident to the Office of the Australian Information Commissioner.
What should I do now?
Please update your Catch password immediately. You will need to sign out/log out on the Catch mobile app or website and select ‘forgot password’ on the sign in/login screen. We will then send you a link to do this safely and securely.
We recommend that you reset your passwords for all online logins that use the same password as your Catch customer account, prioritising services like banking and payments.
If you have noticed any activity on your account that causes you concern, please notify us immediately, calling us on our Privacy Priority Customer Service number 1300 551 996 or email us at [email protected].
We also encourage you to take additional precautionary security measures such as:
Setting strong passwords and not re-using passwords.
Familiarising yourself with guidance on protecting yourself from scams. Remember that scammers may use information they already know about you in order to appear trustworthy. The Australian Scamwatch initiative offers guidance here. IDCARE also provides support and advice on identity and cyber matters and you can request individual support here.
Monitoring for suspicious activity on your online accounts.
We understand this may be concerning to you, and we want you to continue to shop with confidence on Catch, so if you have any questions, please call our team on our Privacy Priority Customer Service number 1300 551 996 on Monday to Friday between 9am to 6pm AEST and on Saturday and Sunday between 9am to 5pm AEST or email [email protected].
Thank you
The Catch team"
Wonder if this an actual hack or just attempted? Companies don't always admit being hacked straight away
and
So was it attempted access or did they actually get access?