Bol confirms that customer data may have been stolen in the AddComm attack
Bol confirmed in an email to customers that customer data may have been stolen in the ransomware attack on AddComm. The webshop will no longer supply data to AddComm until it is certain that data is safe.
Bol says he is not sure whether the attackers stole customer data, but cannot rule it out either. According to the company, this may include 'name, address details, customer number, order number and associated item, and the outstanding amount of the order with customers'. Bank details would not have been in AddComm's system.
Bol has stopped using AddComm services, the company said. “Strict security requirements are imposed on restarting the IT environment and continuing the collaboration with AddComm. Bol is working closely with AddComm to ensure that the data is secure when operations resume.”
AddComm is a customer communications company and confirmed the incident last week. This is a ransomware attack. It appears that AddComm has paid, because bol reports that 'AddComm has chosen to make agreements with the criminals under the guidance of external cybersecurity experts about not publishing and deleting captured data'.