London-based Urban Massage has publicly acknowledged a data breach that exposed the names, email addresses and telephone numbers of what appears to be its entire client database. (For some clients home addresses were also exposed.)
In a statement published on the company’s website, Urban Massage admits that the exposure of client data was not the result of a malicious attack and stresses that no client’s financial information was ever compromised.
The problem was apparently uncovered by security expert Oliver Hough, although Urban Massage refers to Hough only as “a security researcher” not employed by the company. It was Hough, the company says, who alerted media outlets.
The company’s statement about the breach does not go into a lot of details about how Hough was able to access the information but in press interviews Hough says the company did not properly lock down its data.
In addition to client contact information, the database also reportedly contained notes about clients that could, says Hough, have left certain clients vulnerable to extortion attempts. Such notes included allegations of sexual requests, suspicions of “fraudulent activity” and the characterization of certain clients as “dangerous”. Urban Massage did not address those claims in its statement.
The company, which recently rebranded itself as Urban, does not appear to have addressed the matter through its social media accounts.