We recently detected a cyberattack on our systems. In this kind of attack, often referred to as a “credential stuffing attack”, the perpetrator attempts to gain access to a customer’s account using login credentials illegally obtained from another source. This kind of cyberattack relies on a customer’s tendency to reuse username and password combinations for multiple accounts (not just a customer’s HMBradley account).
First and foremost, we want to assure you that we are working diligently to protect our customers’ accounts and have taken corrective actions to curb the attackers, however, there are also actions you can take to protect yourself against this kind of attack both now and in the future.
What can you do?
1. Update your HMBradley password
Even if you don’t suspect your account of being compromised, it may be a good idea to update your password as an extra precaution — especially if you use the same password for multiple accounts. We recommend using a password manager to create and store secure passwords or using proven methods for creating strong passwords.
2. Enable Two-Factor Authentication
Two-Factor Authentication is one of the best ways to add an extra layer of protection to your account and ensure that you are the only person who has access — even if someone knows your password.
3. Monitor your account for transactions you did not authorize
If you believe that there are transactions on your account that you did not authorize, let us know immediately by contacting us at https://hmb.to/support. Although we monitor account activity to detect suspicious activity and notify our customers, we also advise you to review your account statements and account activity regularly.
4. Keep an eye on your identity online
Unfortunately, these sorts of cyberattacks are increasingly common in the digital age. It is always a good idea to keep an eye on your online identity and monitor your accounts for any unauthorized activity. Sites like Have I Been Pwnd? provide a useful and free way to check if any of your personal information has been compromised.
If you are concerned that you may be a victim of identity theft, the Federal Trade Commission (FTC) has an online resource to help victims report and recover from identity theft. Report to the FTC online at IdentityTheft.gov or by phone at 1-877-438-4338.
As always, if you have any questions or concerns about your account, please contact us. We appreciate your understanding and will provide updates as we learn more about this incident.