Tell HN: New data breach at Springer Nature

3 points

3 years ago

I just received an email from them alerting about the data breach. Here is most of their email text. I have left out their contact email address, etc.

Information about a current data incident involving your email address

We are writing to let you know about a recent incident that involved some of your personal information, how we responded to it and what the data incident means for you. We sincerely apologize for any inconvenience caused and thank you for your understanding.

What happened and how your information was affected

Our customer database at Scientific Reports was accessed by an unauthorised person on November 19, 2023. Based on our current status of investigations, we understand that your email address was part of one of our contact databases and that it was accessed by the unauthorised person. The unauthorised person used their access to send a spam email to some of our customers.

The spam email was sent from a system operated by a service provider. It was sent from one of our journal-related email addresses ([email protected]) and appears to come from the shipping company DHL. For the avoidance of any doubt, this was not an authorised message either from Scientific Reports or from DHL.

From our records, we do not believe that you received the email and we currently do not have reason to believe that any other personal data other than email addresses have been impacted by the incident.

What have we done in response to the incident?

We immediately took measures to stop any further unauthorised access to the affected system and are closely cooperating with the security teams and service providers involved. All accounts to access the affected system have been locked and underwent a forced password reset. We have further instructed our service providers to reevaluate and increase their security measures in light of this incident.

What does this mean for you?

No immediate action is required on your part. However, as your email address has been accessed, you should be aware of the increased possibility of receiving fraudulent emails. Please check the spam settings of your email inbox and contact your credit card company as soon as possible if you believe you have been a victim of fraud.

Involvement of the supervisory authority and internal investigations

We take this data incident and our legal data privacy obligations very seriously. We have already notified the data incident to the relevant data protection authorities in the EU and UK, in accordance with applicable legal obligations. We are also conducting an internal review into the incident.

1 comment