Unfortunately, they have so far failed to disclose any information about this breach. We have contacted them directly for information, but they have not been forthcoming to us, or anyone else for that matter (e.g. there is not even a mention of the breach on their website). What we know is based on information mostly provided by Troy on Twitter. We will update this page as we find out more.
Eye4Fraud has (finally!) posted a public statement
that says not much of anything, but does confirm that they do not collect sensitive personal information about individuals like account passwords or full payment card numbers.
Today we have sent notifications to our customers that we believe might be impacted. Out of an abundance of caution, and the continuing lack of any communication from E4F, we widened the window to the end of January 2020; whilst it is likely we've included some customers that were not impacted, it's safer to be over-cautious.
We have again sent a request to E4F, reminding them of their obligations under Art. 33 of GDPR.
Still nothing from Eye4Fraud, either publicly or in direct response to our enquires. They have started to remove customer testimonials
from their site, so they clearly know, but still no formal disclosure that we can act on. As a reminder, we terminated our relationship with Eye4Fraud in December 2019, any orders place after that date would not be impacted, and we believe orders placed prior to August 2019 are also not impacted but cannot be sure until Eye4Fraud disclose more details.
[Added March 8, 2023]