Cyber Incident Victim: Encore PC
Date:
Sep 2020
Location:
United Kingdom
Summary
Customers of an IT company, Stone Refurb, formerly Encore PC, suffered financial losses after hackers compromised the firm's website and stole their bank details. The breach, which occurred over several months, allowed unauthorized payments to be made from affected accounts, with one customer reporting a loss exceeding £2,300. Police are investigating the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Customers of Stone Refurb, a Staffordshire-based IT company formerly known as Encore PC, experienced significant financial losses after the firm’s website was compromised by hackers. The data breach occurred over a period spanning from March to May 2020, during which time the attackers successfully exfiltrated customers’ bank details from the compromised website. Following the intrusion, these stolen financial credentials were used to make unauthorized payments, directly draining funds from affected customer accounts. One individual reported a loss exceeding £2,300, illustrating the tangible monetary impact of the security failure. The incident came to light after customers began noticing suspicious transactions and contacting the company, which subsequently notified law enforcement. Police confirmed they are investigating the cyberattack, which targeted the company’s online platform and resulted in the theft of sensitive personal and financial information from its client base. The breach represents a clear case of a website-based intrusion leading to secondary fraud against the company’s customers, with the attack window covering several months before detection.
The consequences of the hack were immediately felt by the company’s customers, who found their bank accounts debited without authorization as a direct result of the data theft. Stone Refurb, operating under its previous identity Encore PC, became the focal point of a police inquiry into how its website security was circumvented to access and harvest private payment information. While the precise technical method of the website compromise is not detailed, the outcome was the systematic misuse of customer data for financial gain during the March-to-May timeframe. The firm’s response involved alerting authorities and, presumably, affected customers, though the scope of the breach in terms of total number of victims is not specified in the available information. The incident underscores the risk that a compromised business website poses not only to the organization’s operations but also to the financial security of its users, whose data can be weaponized for direct theft. As of the article’s publication in late September 2020, the criminal investigation remains active, seeking to identify the perpetrators and understand the full extent of the data exfiltration and subsequent fraudulent transactions.