Yes – this website is secure. We use HTTPS across the entire website. Whenever data such as debit or credit card or bank account details are sent or received on this site they are kept secure through encryption (we use 128-bit Transport Layer Security, or TLS, standard). This means that no third party can access this data.
This safeguards you when you transact on our website, e.g. when you apply for a new licence, renew an existing licence, view your TV Licence details online or update your details.
Please note, for additional protection, we use a Web Application Firewall (WAF) which may very occasionally prompt customers to answer a security question via the ‘Captcha’ process. Captchas look something like this:
In early September we were alerted to an issue with our website’s security following a technical update. We took the site down straight away so that we could fix it.
We take the security of our customer’s data very seriously. That’s why it’s our normal practice that when our customers make payments or send us financial or other personal details through our website, the data is encrypted to keep it safe.
While there is no evidence that our website has been subject to any sort of attack or that the security of our customers’ data has been compromised, we recently discovered that for a limited period – from 29 August until around 3.20pm on 5 September 2018 – some transactions carried out on the website were not as secure as they should have been.
This issue did not affect debit and credit card details but it may have affected customers’ personal details such as name, address and email or, if customers entered bank details, the sort code and account number. In some cases, this information was not encrypted when it was transmitted from the customer’s computer.
As soon as we discovered this issue we took the website offline and fixed it. We’re really sorry this happened, but want to assure you that the risk to you is low and we’ve taken action to ensure it doesn’t happen again.
We believe the risk of anyone else having seen information sent through to our website during that period is extremely low but, because we take a very cautious approach, we want to tell our customers what happened and recommend precautions customers can take to protect themselves.
A: Customers may have been affected if they visited the TV Licensing website from 29 August until around 3.20pm on 5 September 2018 and entered personal data into the website. The risk of customers having their data accessed is very low, and we are not aware of anyone’s data being obtained.
A: During this limited period, customer transactions using debit and credit cards were still encrypted. However, if the HTTP version of a web page was being used, personal data such as customers’ names, addresses, bank details (sort code and account number) given to us – for example, to set up or amend a direct debit - were not encrypted. There is no evidence of the website being subject to any sort of attack, or anyone having acted maliciously and the chances of anyone having accessed this information are very small.
A: In order to access your data, someone would need to have been aware the vulnerability existed, and also have been in a position to have been intercepting network traffic between your computer and the TV Licensing web servers at the time the transaction took place.
A: If you gave us personal details, including bank details, over the phone, these will have been kept securely.
A: As a precaution, we would suggest that you check your bank account to ensure there are no transactions which have not been authorised and check that direct debits haven’t been amended in any way. If you detect any suspicious activity on your account, you should contact your bank or building society urgently. If you have any further questions, you should contact TV Licensing on 0300 790 6024.
A: If you want to check that communications from TV Licensing are genuine, you can find more information here:
Other organisations can offer general advice such as Action Fraud:
A: As soon as we discovered this issue, we took the website offline to urgently fix it. The website has been restored with full security and all transactions are now encrypted again under HTTPS. We’ve urgently investigated and have established the cause so we can ensure it doesn’t happen again. Additionally, we’re contacting all customers urgently who we believe submitted their bank details during this period.
A: There is no evidence of the website being subject to any sort of attack, or that anyone has acted maliciously. The chances of anyone having accessed this information are very small and we have found no evidence this has happened.
A: We’re contacting all customers urgently who we believe submitted their bank details during this period.
A: If you made a transaction during this time and haven’t heard from us, or have any further questions, then please contact us on 0300 790 6035.
A: The risk of financial loss is very low. But yes, of course we will compensate you if you have been affected.