12th of July, 2021 (latest update: 23th of July, 2021)
We were the target of an organized cyber-attack which was carried out with considerably vicious criminal intent. The unidentified perpetrators managed to break through our high security standards and access internal data. We immediately took all necessary steps to protect all the data we hold and are currently working with external cyber-security specialists to systematically reconstruct the incident. Our day-to-day operations were not affected, and all our systems are up and running as normal.
What data was affected?
Data affected includes address and contractual data belonging to customers, partners, employees and external suppliers. Also affected are the payment details of a small number of customers who made payments to Spreadshirt, Spreadshop or TeamShirts via bank transfer, or who have received a refund via bank transfer. According to the latest information from our investigations, the hacked servers did not contain the bank details of any other groups of customers.
What can happen with my data?
There is a possibility that obtained data may be published without authorization or used by unknown persons for fraud or identity theft attempts. The general recommendation is to closely monitor your bank account for suspicious debits. If an unauthorized debit occurs, you can reverse them yourself in accordance with the applicable SEPA direct debit rules.
It’s also possible that “phishing” emails may be sent to you. These will try to obtain your personal data via fake websites or try to install malware on your devices. You should always check the authenticity and trustworthiness of incoming emails.
For more information on email and internet security, visit the National Cyber Security Centre.
What protective measures have been undertaken?
Data security is our number one priority, and we are taking this incident extremely seriously. The company's crisis team is working with external cyber-security specialists to systematically reconstruct the events. We will be implementing additional measures to ensure that this kind of breach cannot happen again. The relevant authorities have been informed.
What can you do?
If you have an account with us we highly recommend you to change your password. Keep the following tips in mind:
- Choose as long a password as possible
- Avoid using personal information, such as a birthday
- Use a combination of numbers, symbols, and upper and lower case letters
- Use a different password for each of your accounts
- Change your password regularly
I don’t have an account with you, why did you contact me or have my data?
We have your data because you placed an order with us or one of our Partner Shops in the past. We are legally required to retain customer and order data. This is why customer data might have been compromised, even if you ordered through us as a “guest”.
I’m trying to change my password, but my email address isn’t recognized.
Lots of customers place an order with us as a “guest” without ever creating an account. You can only login if you have an account with us.
Our recommendation to change your password is only directed at those customers who have setup an account with us.
You can find out if you have an account with us by going to our login page and clicking on “Forgot your password”. Enter your email address there, and if we don’t find an account connected to this email, we will inform you of this there.
I deleted my account in the past, why do you still have my data?
We are legally required to retain certain data even if your account was deleted. Since some of this data may have been compromised, we wanted to make sure you were informed of this cyber-attack.
How do I delete my account?
If you have an account with us and would like to delete it, please log into your account and click on “My Account” and then “Security settings” and you’ll find the option to delete your account.
How can I find out more?
We'll be updating this page as soon as we have any new information. Check back here for more!