Subway UK customers received strange emails from ‘Subcard’ about a Subway order that was placed yesterday. Included in the emails were links to documents allegedly containing confirmation of the order. These emails contained a customer’s name and were using email addresses that some users created specifically for Subway. Subway UK has disclosed that a hacked system used for marketing campaigns is responsible for the malware-laden emails sent to customers yesterday. Subway has also started to send disclosure emails to affected customers that states that the customer’s first name and last name were exposed in the attack.
Source: https://www.bleepingcomputer.com/news/security/subway-marketing-system-hacked-to-send-trickbot-malware-emails/