Technology consultant for British contractors Qdos admits to data breach involving client information
Qdos Data Breach Exposes Sensitive Information
Qdos, a UK-based tax adviser for freelancers and contractors in the tech sector, has confirmed a data breach that involved unauthorized access to sensitive client information. The incident was first detected on June 19, 2023.
The compromised information includes full names and addresses, email addresses and telephone numbers, UK National Insurance numbers, bank details, and tax information. In some cases, passport or ID documents may have also been exposed. Personal data from customers' accounts, including name, correspondence address, email address, and contact information, may also be affected.
However, Qdos would like to reassure its customers that no credit card information or other identification documents such as passports or drivers licenses were collected or stored by the company.
Qdos CEO Seb Maley confirmed that policies remain in full effect and have not been impacted in any way. The company is actively investigating the breach with a cyber forensic team while enhancing security measures.
The Information Commissioner's Office, the Financial Conduct Authority, Action Fraud, and the National Cyber Security Centre have been notified as part of Qdos's security management efforts. The ICO, Action Fraud, the FCA, and NCSC are currently investigating the matter.
Steps Affected Customers Should Take
Qdos is advising affected customers to remain vigilant against suspicious activity, including emails, phone calls, or text messages. Customers should monitor their bank accounts closely for any suspicious activity and be extremely cautious with unsolicited emails or phone calls to avoid phishing attempts.
In some cases, customers may be advised to change their National Identity Card or Tax ID. Qdos also encourages customers to seek guidance from cybersecurity professionals or advisory services for further protection.
To help detect possible identity theft early, Qdos is offering 12 months of free identity monitoring services, provided by Experian, to affected customers. Experian's IdentityWorksSM service monitors the web, social networks, and public databases for signs of personal and financial information theft.
Qdos has been contacting affected clients directly to inform them and provide advice on mitigating risks. Claims and the use of online accounts to manage policies, renewal, and new applications are not impacted.
Documents related to insurance policies, IR35 services, contracts, contract reviews or IR35 calculations, invoices, and credit notes may have been accessed. However, information provided with respect to claims against insurance policies was not impacted.
The company reinstated access to their website on June 26, 2023, after the data security incident. Qdos launched an investigation with the help of a third-party cybersecurity expert. The company is committed to resolving the issue and ensuring the security of its customers' data.
Customers who have concerns or questions about the data breach are encouraged to contact Qdos directly for more information. It is crucial for affected customers to remain vigilant and take advantage of the offered identity protection services promptly to reduce potential harm.
- Qdos is strengthening their security measures in response to the data breach, involving cyber forensic teams for investigation.
- Affected customers are advised by Qdos to vigilantly monitor their bank accounts, watch out for phishing attempts, and potentially consider changing their National Identity Card or Tax ID.
- As part of their efforts to help detect identity theft, Qdos offers a 12-month free identity monitoring service, provided by Experian.
- In the aftermath of the incident, Qdos is working closely with several regulatory bodies such as the ICO, Action Fraud, the FCA, and the NCSC, and is committed to resolving the issue, ensuring the security of their customers' data, and maintaining the integrity of their databases in the field of data-and-cloud-computing and technology for their business operations in finance and cybersecurity.
