I’m writing to make you aware of a data breach that occurred on Kerv.com between

1. I’m writing to make you aware of a data breach that occurred on Kerv.com between 10:00 and 11:30 on the 21st June 2017.
2.  
3. As a precaution we took the Kerv.com website offline while my team and I verified the integrity of our own and 3rd party systems.
4.  
5. In the early morning of 21st June, a former contractor with privileged access made an unauthorised access to our website at Kerv.com. The individual is no longer connected with Kerv Wearables. The individual then provided Paul Moore (a well-known and respected Internet security consultant), with the access details who immediately contacted us. As soon as we had verified the position, we took immediate action to remedy the unauthorised access.
6.  
7. While the admin area of the website does store personal data (including name, address, email and security questions), it does not provide passwords, or direct access to the site databases, or any financial card information.
8.  
9. All card information is stored by third-parties and, in accordance with industry best practice, is provided to us in the form of anonymous secure tokens.
10.  
11. Following a thorough audit of our logs, we have no evidence to suggest any unauthorised access to our databases, nor that of the 3rd parties we work with. We have since amended and enhanced the security around access to the site for administrative purposes.
12.  
13. As a precautionary measure we recommend that you change your password and security questions for kerv.com which can be found in the the Security area within Settings.
14.  
15.  
16.  
17. I am extremely sorry this has happened and we will be implementing further additional security enhancements based on our findings. I apologise for the lack of availability of the site for 24 hours, but I believe it was the appropriate course of action to take while we fully investigated the issue
18.  
19. Yours Sincerely
20.  
21.  
22. Philip Campbell