Bad news reached me a few hours ago via a blog reader (thanks for that). On December 21, 2023, the company BB Services GmbH informed its customers that it had been the victim of a cyberattack. The company is known under the name BlueBrixx as a manufacturer and retailer of brick sets (similar to Lego® bricks). Customer data may be affected, from names and ordered items to passwords. Only payment information should not be affected, as this is held by an external service provider.
When I received the email from German blog reader Frank, I immediately thought of BrickLink, a popular online marketplace for Lego® bricks, which announced a cyberattack in November 2023 (see Lego marketplace BrickLink probably hacked). But BlueBrixx, or BB Services GmbH, is a different vendor. As the company's website is currently unavailable, I did some research on the Internet. I found the tweet below, which mentions a cyber attack.
Frank has forwarded the email with the information that BB Services GmbH sent to its customers by that medium (the websites don't help). According to the email, the company recently discovered irregularities in its IT system, which turned out to be a cyber attack. The company assumes that customer data was also tapped during this attack. The retailer is informing customers that the following customer data may have been affected:
- Name,
- e-mail address,
- billing and delivery address,
- ordered items,
- password in encrypted format.
Credit card information, bank details and PayPal account information are excluded from this, as these are not stored by the company and payment processing is carried out by recognized external service providers. As a precautionary measure, the company recommends that users change their password for the BlueBrixx.com online store. This can easily be done by logging into the account and updating the password under "My Account > My Details". However, the instructions for the "easy procedure" currently have the catch that the website (at least when I tried it) is simply not accessible. Below is the original message to English-speaking customers.
Dear customer,
I would like to inform you today about an event that is of great significance to all of us at BB Services GmbH. Recently, we became aware of irregularities in our IT system that turned out to be the result of a cyberattack. We have immediately contacted the relevant authorities (i.e., the police and the Hessian Commissioner for Data Protection and Freedom of Information). In parallel, we are closely collaborating with our external data protection officer.
Despite our efforts to ensure data security, we regret to inform you that some customer data may have been affected by this attack. Therefore, we would like to inform you that we cannot rule out the possibility that your data may have been compromised.
The potentially affected information includes:
- Name,
- e-mail address,
- billing and delivery address,
- ordered items,
- password in encrypted format.
Credit card information, bank details, and PayPal account information are not included, as these are not stored by our company and payment processing for these is carried out by recognized, external service providers.
We take the security of your data very seriously and recommend, as a precaution, that you change your password for our online shop BlueBrixx.com. You can easily do this by logging into your account and updating your password under "My Account > My Data."
In response to this incident, we are strengthening our security measures to minimize future risks. The affected server was immediately secured and the vulnerabilities were fixed. We are committed to doing everything in our power to ensure the security of your data.
We handle your data with great sensitivity. Nevertheless, the cyberattack has shown that absolute security does not exist.
For any questions or concerns, our customer service team is available via email at infomail[@]bluebrixx.com or by phone at +49 (0)6145 / 3501 – 100 on Monday to Friday between 8:30 AM and 4:45 PM.
Kind regards,
Andreas Becker
Managing Director, BB Services GmbH
I would really like to know what vulnerability they used to break into the shop system. If I had to guess I would say something Microsoft…