
Statement

2024-11-29

Information about Unauthorized Access to Personal Data

Dear Sir or Madam,

We hereby inform you, in accordance with Article 34 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data, on the free movement of such data, and on repealing Directive 95/46/EC (General Data Protection Regulation or GDPR), that our internal analyses have determined that the incident may affect your personal data. We kindly ask you to carefully read the following notification.

Description of the Incident

On November 27, 2024, we discovered that unauthorized access had occurred to personal data stored with an external partner (hosting provider). The information about the incident was received via email. The suspect gained access to our customer database, covering the period from February 2020 to November 2021.

Between February 2020 and November 2021, an unauthorized person accessed a database containing information about individuals who made purchases in our online store or acquired our products offered on other sales platforms (so-called marketplaces). The exposed data potentially includes:

  • First name and last name
  • Delivery address
  • Company name
  • Data necessary for invoicing (e.g., purchase amount, though without specific items purchased)
  • Name of the purchasing user
  • Phone number
  • Email address (in the case of product purchases via marketplace platforms, the email address in the disclosed database was encrypted, making access impossible)

Our analysis shows that no passwords, payment data, other access credentials, or transaction histories were leaked.

Immediately after discovering the incident, the compromised database was removed from the partner's resources, and all passwords for accessing the external hosting service were also changed.

What Have We Done to Protect Your Data?

Immediately after detecting the unauthorized access, we took measures aimed primarily at mitigating any negative impact:

  • The affected database was promptly removed from the partner's resources upon discovery.
  • We will notify the President of the Personal Data Protection Office in Poland and relevant institutions (e.g., police, CERT) to ensure full transparency of the actions taken.
  • We are conducting an internal audit to clarify all aspects of the incident. Additionally, we have requested our hosting provider to perform a similar analysis.

What Could Be the Consequences?

The disclosed data could potentially be used to create an online account (e.g., on social networks or email). Individuals who obtain access to the data might use it for unsolicited contacts via email, SMS, or phone calls (so-called spam), including attempts to solicit further data. Ultimately, the use of additional data could lead to associating the disclosed information with specific items and subsequently misappropriating them, or taking on other obligations, such as making online purchases or taking loans from non-bank institutions.

For this reason, we advise extreme caution, especially when contacted by phone or email.

What Can Be Done to Minimize or Mitigate Potential Negative Effects?

We recommend the following steps:

  • Exercise extreme caution when receiving suspicious emails, SMS messages, or phone calls, particularly those containing links or requests for additional data.
  • Avoid sharing sensitive information, especially in response to phone calls or emails/SMS messages.
  • Monitor your online accounts for unauthorized activities.
  • Pay attention to the passwords you use for accessing online resources. These passwords should not contain easily guessable words or word fragments, particularly those based on your personal information (e.g., names, phone numbers, etc.).
  • Be alert for suspicious emails, links, and attachments in emails (attachments should not be in ZIP or RAR archive formats). Such emails might contain malicious software (e.g., viruses, Trojans) or be used to obtain further personal data fraudulently.

Additionally, we recommend using antivirus software that includes an up-to-date virus signature database.

If you notice suspicious activity, we encourage you to immediately report the incident to the relevant authorities (police, data protection authority).

Where Can I Get More Information?

If you have questions regarding this incident or need additional information, we have designated a team to address your inquiries. You can reach our team via email: rodo@venusti.pl

We apologize for any inconvenience this incident may have caused you. At the same time, we assure you that we are making every effort to ensure that the personal data we process is handled with the utmost care and that the incident mentioned in this letter is an isolated occurrence that we take very seriously.

Sincerely,

Venusti sp. z o.o.
