July 11, 2020 - LiveAuctioneers Account Security
Last Update: August 3, 2020 @ 9:55am ET
We take the protection of member information very seriously. We are deeply sorry for any concern or inconvenience this may have caused, and are working quickly to take the appropriate steps to prevent such incidents in the future. We hope that in time we can regain your trust, which we value above all. Below is an update on the latest information we have on a data security issue involving LiveAuctioneers account information.
Our cybersecurity team has indeed confirmed that following a cyber attack against one of our IT suppliers on June 19, 2020, an unauthorised third party managed to access certain personal information from our bidder database. We were notified of the incident on July 11, 2020 and began notifying bidders that day through email and our website, based on how recently the bidder had used their LiveAuctioneers account.
LiveAuctioneers was one of a number of their partners who experienced a breach since this IT supplier’s security was compromised. Our cybersecurity team has ensured the unauthorized access has ceased.
What Information Was Involved
The data that has been exposed includes user account information like names, email addresses, mailing addresses, phone numbers, and encrypted passwords (the unauthorized party however managed to decrypt passwords after the cyber attack). Not all of this information may have been present on your bidder account. Please also know that complete payment card numbers were not accessed, and we have no reason to believe auction history was affected.
The exposure of your LiveAuctioneers credentials (i.e. login and password) could affect other online accounts you may have (if they use the same or similar credentials). You could also be exposed to impersonation and phishing attempts.
What We Are Doing
As soon as we became aware of this incident, we blocked the unauthorised access to bidder account information and disabled your most recent LiveAuctioneers password.
We have taken immediate steps to improve our security and prevent such incidents in the future:
- We have suspended our relationship with the compromised IT supplier.
- Our security tokens and passwords throughout LiveAuctioneers’ systems have been replaced.
- We have implemented stronger password encryption.
- We have partnered with leading cyber security experts to further secure our website, mobile apps, and systems.
- We are working with government authorities to bring the perpetrators to justice.
- Multi-factor authentication for all back-end services have been implemented.
- We are analyzing and monitoring our source code to address any vulnerabilities.
- We are continuing to upgrade our network infrastructure.
- We will be implementing stronger password requirements.
What LiveAuctioneers Users Can Do
All passwords created before July 11, 2020 have been disabled. If you have not already done so, we encourage you to change your password.
For not logged in bidders: You can access your account by creating a new password, following the steps below:
- Visit https://www.liveauctioneers.com/ and click “Log In” on the top right-hand corner of the page.
- Click “Forgot Password” on the login window.
- Enter your email address used for and click “Send Reset Instructions”.
- Check your email and follow the link provided to reset your password.
For already logged in bidders: Please click the dropdown from your user icon in the top right corner and click “Account Settings”. From here, click “Change Password”.
To help further protect your personal information, please remember:
- Do not use same or similar credentials for other online accounts.
- Change any and all passwords that used the same or similar credentials as those used for your LiveAuctioneers account
- Regularly review your online accounts for suspicious activity.
- Be cautious of any unsolicited communications asking for your personal information: we will never ask you to disclose your password via an email or over the phone for instance.
- Avoid clicking on links or downloading attachments from suspicious emails.
For U.S. Residents:
If you see any unauthorized activity related to your financial accounts, promptly contact your financial institution. We also suggest you submit a complaint with the Federal Trade Commission by calling 1-877-ID-THEFT (1-877-438-4338), online at https://www.ftc.gov, or by mail to 600 Pennsylvania Avenue, NW Washington, DC 20580.
To protect yourself from the possibility of identity theft, we recommend that you immediately place a fraud alert on your credit files. A fraud alert conveys a special message to anyone requesting your credit report that you suspect you were a victim of fraud. When you or someone else attempts to open a credit account in your name, the lender should take measures to verify that you have authorized the request. A fraud alert should not stop you from using your existing credit cards or other accounts, but it may slow down your ability to get new credit. An initial fraud alert is valid for ninety (90) days. To place a fraud alert or monitor your credit reports, contact the three major credit reporting agencies at the appropriate number listed below or via their website.
P.O. Box 740241
Atlanta, GA 30374-0241
P.O. Box 9701
Allen, TX 75013
P.O. Box 1000
Chester, PA 19022
New York residents can also consider placing a Security Freeze on their credit reports. A Security Freeze prevents most potential creditors from viewing your credit reports and therefore, further restricts the opening of unauthorized accounts. For more information on placing a security freeze on your credit reports, please go to the New York Department of State Division of Consumer Protection website: http://www.dos.ny.gov/consumerprotection.
When you receive a credit report from each agency, review the reports carefully. Look for accounts you did not open, inquiries from creditors that you did not initiate, and confirm that your personal information, such as home address and Social Security number, is accurate. If you see anything you do not understand or recognize, call the credit reporting agency at the telephone number on the report. You should also call your local police department and file a report of identity theft. Get and keep a copy of the police report because you may need to give copies to creditors to clear up your records or to access transaction records.
Even if you do not find signs of fraud on your credit reports, we recommend that you remain vigilant in reviewing your credit reports from the three major credit reporting agencies. You may obtain a free copy of your credit report once every 12 months by visiting www.annualcreditreport.com, calling toll-free 877-322-8228 or by completing an Annual Credit Request Form at:https://www.consumer.ftc.gov/sites/www.consumer.ftc.gov/files/articles/pdf/pdf-0093-annual-report-request-form.pdf and mailing to:
Annual Credit Report Request Service
P.O. Box 105281
Atlanta, GA 30348-5281
For more information on identity theft, you can visit the following websites: New York Department of State Division of Consumer Protection at http://www.dos.ny.gov/consumerprotection; NYS Attorney General at http://www.ag.ny.gov/home.html; or Federal Trade Commission at www.ftc.gov/bcp/edu/microsites/idtheft/.
For Canadian Residents:
If you see any unauthorized activity related to your financial accounts, promptly contact your financial institution. We also suggest filing a report online with the Canadian Anti-Fraud Centre at https://www.antifraudcentre-centreantifraude.ca/index-eng.htm.
You also may want to monitor your credit reports with the major credit reporting agencies:
P.O. Box 190
3115 Harvester Road, Suite 201 Burlington, Ontario
For more information and updates
If you have any questions or see anything suspicious on your account, please contact our customer support team at firstname.lastname@example.org.
Protecting your information and preventing incidents like this from happening in the future is our top priority. We will keep working to improve security and maintain your trust--which we know is critical to the auction experience. We’ll share any important updates here as we have them.