Major supermarket online shopping hit by mystery attack?
Tesco’s website was “down” between Saturday 23 October 2021 and today (Monday 25 October 2021). The website and app crashed after what Tesco said were attempts “to interfere with our systems”. In other words, hacking…
This has obviously been annoying for anyone trying to book a shopping delivery slot but also for anyone wanting to change their order or cancel it. How many of us book a slot with a pint of milk in it to add items throughout the week and day before delivery? To say nothing of the problems this has caused those who are self-isolating.
It is concerning that Tesco took nearly 48 hours to resolve the problem, which suggests that the issues could be more than just not being able to change an order. An outage of this length is unusual unless there has been a severe impact, which suggests that Tesco’s business continuity plans, along with their incident response drills, could use some attention and investment.
I have been looking at the issue from a legal perspective. She advises that those who have a Delivery Saver, Click and Collect or Delivery Saver Plan could be due a partial refund if they have been affected.
You have paid for a service and under the Consumer Rights Act 2015, if you have not received the service you paid for, you are entitled to a refund. In this case you should certainly be entitled to a proportion of the plan.
Are there data breach issues?
At the moment Tesco says that there is no reason to believe that there has been a data breach. But it remains to be seen whether the hackers have obtained personal data. Tesco has 72 hours in which to inform the Information Commissioner’s Office if there has been a breach of data.
James Bores, from Bores Security Consultancy, comments that assurances that customer data is not impacted are common in these circumstances, and often meaningless. He says “From the little information that is available it does not appear to be a standard ‘Denial of Service’ attack (intended to shut down a system, usually with a ransom for restoration), nor a ransomware attack of the type with which we’re all highly familiar. Given that Tesco declared the search function was impacted, some sort of attempt to manipulate or modify the underlying database certainly seems possible, and one of the most common ways for this to be carried out is through database injection.”
Your rights when there is a data breach
So, what are your rights if your personal data is exposed as a result of a breach?
Under the General Data Protection Regulation (GDPR), if there has been a breach of data:
1) Organisations must assess the risk to your personal rights and freedoms.
2) High risk breaches must be notified to the persons whose data has been affected without undue delay and with a description of the likely consequences.
3) Organisations must describe the measures taken, being taken or proposed to be taken to deal with the data breach. If applicable, organisations should also describe the measures to mitigate any possible adverse effects.
What happens next?
A Tesco spokesperson said:
“Our online grocery website and app are now back up and running. Our teams have worked around the clock to restore service, and we’re really sorry to our customers for the inconvenience caused. The disruption was the result of an attempt to interfere with our systems, which had caused problems with the search function on the site.
There is no reason to believe that this issue impacted customer data and we continue to take ongoing action to make sure all data stays safe.”
Bores says “At this point Tesco’s security team will be trying to get forensic data to determine exactly what happened, as it can be extremely difficult to uncover the underlying flaw. They will then look to find ways to prevent it re-occurring.”
Tesco needs to be transparent and inform customers about exactly what happened, why it happened and reassure them that their data is safe. In the meantime, consumers need to be aware that scammers are rife and will take advantage of incidents like this. If anyone contacts you from Tesco regarding a data breach, it may be a scam, so beware.