Originally Posted by
naturbo2000
Some news. I've just had a phone call from a Scan company director to discuss the issue.
I don't want to go into too much detail as they are still urgently fact-finding and will post a full response shortly. I don't want to make any false claims but thought it might be useful to give people a heads-up.
It seems the breach was actually back in 2007 and Scan did follow due-diligence to the extent of informing the police of the issue (It would have been nice if they had let customers know as well, but I'll let that slide).
Anyone with an account after 2007 is apparently unaffected (hence why only myself and Moonglum have the emails just now).
Accounts before 2007 may have been compromised (though I'm assured that the nature of the breach means credit card details could not have been compromised, even if they were, I don't have them anymore...).
I'm pleased with the seriousness that Scan are applying to this issue - I believe they are only just now aware that passwords could have been compromised from old accounts. Current encryption policies mean that all data is secure should a breach ever occur in future.
I suggest that once this is cleared up, Scan get in contact with the affected customers to let them know the situation.
(Oh and obviously, I should have changed those passwords somewhere in the last 5 years).