Watchfinder has written to its customers to apologise after a security breach saw their personal details including e-mail addresses and phone numbers being accessed.
Chrono24 issued a similar statement earlier this month after a seemingly identical hacking incident.
In an e-mail to clients from Watchfinder chief executive Arjen van de Vall, seen by WATCHPRO this morning, he says the company recently discovered unauthorised access to a user account belonging to one of its employees which resulted in lists of prospective customers being compromised.
The lists include current and prospective customers from across the world.
“The records in question may include your e-mail address, telephone number and/or any watches that you have expressed an interest in,” Mr van de Vall reveals, but makes assurances that the data breach does not include any postal addresses, passwords, credit card details or other banking information.
As a specialist in high value certified pre-owned watches for over 20 years, Watchfinder’s customer database would be a valuable list of high net worth individuals, their spending intentions and brand preferences that could be sold to multiple third parties.
With this in mind, Mr van de Vall warns customer to “be alert to any suspicious correspondence”.
Watchfinder says it has informed the relevant authorities about the data breach and is conducting a review of its security measures and policies.
“The confidential nature of our relationship with you is very important to us, and we wish to reassure you that the safety and security of your personal information remains a priority for us,” Mr van de Vall insists in the e-mail to customers.
“We extend our sincere apologies. Should you have any further questions, please do not hesitate to contact us at the following email address customerservice@watchfinder.co.uk,” he adds.
Watchfinder’s data breach comes just weeks after a similar incident at Chrono24, which admitted a cyber attack had managed to access market-sensitive information including e-mail addresses that could be sold on.
The incident, at the start of September, concerned data from third-party service provider MailChimp, which is used to send Chrono24’s email newsletter.
No access was gained to any Chrono24 account, the company reports. Neither was any information related to transactions or watch collections disclosed.
“This data is stored directly with us and is protected by our strict security mechanisms,” a spokesperson tells WATCHPRO.
Chrono24 said the stolen data did not including the most sensitive information, such as passwords, payment data or transaction information, but informed customers: “We take this incident very seriously. That’s why we see it as our responsibility to communicate security risks openly with you”.
Like Watchfinder, Chrono24 advised its customers to pay extra attention to suspicious e-mails or unwanted advertising.
“In the event of suspicious activity or suspected phishing, you should contact abuse@chrono24.com. If you have any questions, Chrono24 is also available by email at support@chrono24.com or by phone at +49 721 96693-988,” the company said.
