An update from Whisky Auctioneer with information and frequently asked questions on the recent Cyber Incident. Important Notice: Cyber Incident Update

Back to news

We want to thank our customers for their patience and continued support during this time.  The Whisky Auctioneer Team alongside IT and cyber security experts have been working hard on the investigation and implementing actions that address the findings to ultimately get our services back up and running.  

The reliability and security of our service for our customers is paramount, and we needed to take this time to investigate things fully and make sure we have steps in place to support the integrity of our service so we can continue delivering to the high-level our customers have come to expect.   



We were victims of a sustained Distributed Denial-of-Service (DDoS) attack on Monday 20 April 2020 causing significant disruption to our service, but with no evidence of data compromise as a result of this specific attack.   

Despite our immediate response  with  actions to  protect against this occurring again, a further targeted, technically sophisticated, sustained and malicious attack occurred. This occurred at around 22:30 (BST) on 21 April 2020. Shortly after, we took down the site in order to facilitate investigations.  We also subsequently alerted Police Scotland, Action Fraud: The National Fraud & Cyber Crime Reporting Centre and the Information Commissioner's Office.  

At this stage we do not believe that payment details (credit/debit card or bank account information), if stored with us, were subject to unauthorised access.​​​​ Still, we take data security seriously, so as a precaution we informed those customers who could potentially have been impacted and gave them some recommended steps to take as a precaution.



As valued customers, we are keen to give you information so you can understand what happened and how our services will continue in the future.  This is a balance though – being one step ahead of any malicious parties is vital and therefore some of the changes may not be immediately apparent but are going on in the background to ensure we are on the front foot.  We can give you an overview of the key things that have been happening to help mitigate this in the future: 


  • Even faster response times to cyber attack: Although we were quick to identify the cyber attack and subsequent steps, we will enhance this response time even further.  This includes implementation of improved monitoring systems along with technical improvements that assist in automated response.  In addition, we have redundancies built in through access to additional, highly-experienced resources. 

  • Additional security considerations on top of what is already in place: Security of the site is something we take seriously.  Most of these developments will be behind the scenes, but you will see some things changing as we go forward – for example, a hardened password security policy. You may notice this initially through a mandatory reset of passwords and stricter password requirements. 

  • Website improvements to minimise impacts: Changes, again, will be mostly behind the scenes. However, we are looking at this from two perspectives and also identifying where these changes will not just minimise impacts but also potentially improve services on the site. 

  • Keeping one step ahead: The type of attack that was conducted on us is a reality to businesses based entirely online, or even just with a presence there. As such we need to work together in partnership with others in a similar position to share knowledge, plans and strategies and information pertaining to malicious tactics and techniques.  We are actively pursuing opportunities to become part of the wider discussion and partnership working surrounding cyber security both at a local and national level. 

  • Continue to support the investigation: The investigation confirmed that this was a targeted and malicious attack. We notified the relevant authorities and we will continue to work with them to identify the parties responsible. 



We will be shortly releasing the updated schedule of auctions designed to have as little disruption as possible to the planned calendar for the remainder of the year.   Once this is finalised, we will post the schedule on our site and send an e-newsletter to subscribers with more detailed information. 



As noted in previous communications, we are looking ahead to identify the best time to restart The Perfect Collection: Part Two and we will confirm this date as soon as we are able.   

Note that due to the timeframe elapsing in restarting this auction we feel that the best way to proceed is to remove existing bids and restart the auction  from the starting  bid levels. This approach takes into account that customer circumstances might have changed in the intervening weeks  and we could not rightly hold them accountable for bids placed previously.  



Your bottles will be automatically  listed in the next auction that runs and we will be in touch with you as soon as we are able to confirm a date for this. Until that time, rest assured that your bottles remain safe and secure in storage with us. 



Our Customer Service team is available to help, so please contact them regarding any further questions you may have.