I have received this email from JLP about a potential data breach regarding Partner Choice.
What action should I take?
Because the breach included email addresses, there is an increased possibility that you might be subject to phishing emails. Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), by disguising as a trustworthy source. These emails often convey a sense of urgency in the hope that the recipient may be frightened into acting on it. Usually there will be something unusual about the email; for example spelling mistakes or a strange email address. It’s sometimes not immediately obvious, so I ask that you are vigilant and double check any requests before acting on them. The Action Fraud website gives some useful advice on how to spot and protect yourself from phishing emails and if you have any concern about a specific email you have received please contact your local IT support desk.
If you do have any questions please email Partner.firstname.lastname@example.org or call the Personnel Service Centre on 0345 610 0370 or 01344 764370.
I have not received an email from JLP about a potential data breach with Partner Choice. I am a regular user of PartnerChoice and am worried that my data has also been breached.
If you haven’t received an email directly alerting you to the breach, then your data remains secure. We have launched a thorough investigation and we are not aware of any issues that should stop people continuing to use the PartnerChoice website.
How many Partners have been affected?
Approximately 16,000. This includes current Partners, retired and former Partners.
Should Partners change their password?
There is no indication that any passwords have been compromised, but we would always advise that you regularly change your passwords.
Does this affect any other Partnership system?
No, the breach is limited to Typeform and the PartnerChoice website is the only Partnership system that uses this provider.
When did the breach happen?
This is being investigated, however, we know that the data was taken from the period July 2017 - May 2018.
How did this happen?
Typeform are conducting forensic investigations to find out how this has happened.
Who has accessed the data from Typeform?
This is currently being investigated.
What does the Partnership use Typeform for?
Typeform provided an efficient way of allowing Partners to enter competitions, submit additional information, eg. car parking and boat times, through PartnerChoice. PartnerChoice provides Partners with special discounts and offers, along with the chance to join Partnership clubs and societies, enter prize draws and stay at Partnership owned hotels.
What data specifically has been accessed?
Partner name, work and/or non-work email address, employee number and work or mobile phone numbers. In a small number of cases where hotel bookings were made to Brownsea Castle some car registrations, full or partial address, number and age of children and dietary requirements if provided. It is important to note that no personal passwords or financial information was taken.
Will the Partnership be using Typeform again?
We have currently suspended working with Typeform. Google forms have been created to ensure that necessary information can still be gathered
What steps are the Partnership taking to prevent this happening again?
We have a thorough due diligence process and it is important to stress that it was not a John Lewis Partnership system that lost this data but a third party.
I would like to know exactly what data of mine has been accessed?
Please email Partner.email@example.com or call the Personnel Service Centre on 0345 610 0370 or 01344 764370.
Should I be concerned about using the Partner Choice website now?
The PartnerChoice website has not been compromised by the breach. We used Typeform for specific events and to gather feedback. We take the security of Partner’s information seriously and do all we can do to ensure we keep we keep your data safe. All forms have now been replaced with Google forms so there is no disruption to service.
I have received an external press enquiry who should I pass this onto?