Devaluing Data

If they do hack you, make sure it’s not worth their while

2015 will doubtless be viewed by many as the year of the big data breach; through the year we’ve learned of massive data breaches that have compromised the data of hundreds of thousands of individuals. Most recently we’ve seen announcements of data breaches from the British pub chain ‘J D Wetherspoon’ and the hi-tech toy manufacturer ‘VTech’.

The Wetherspoon hack, according to the email sent out by the company’s CEO – John Hutson – took place between 15th and 17th June against the company’s website – which has subsequently been replaced. While the personal data of some 650,000 customers may have been compromised – names, addresses, dates of birth and so on – only around 100 customers’ card details were compromised – those that had bought vouchers online. And Wetherspoon report that they only stored the final 4 digits of payment card data, so full card data could not have been compromised. Phew! So, no payment card data compromised, but potentially rich pickings for identity thieves. And I suspect that J D Wetherspoon will be getting a visit from the Information Commissioner’s Office.

Similarly, the data breach at VTech’s ‘Learning Lodge’ app store compromised the personal details of five million customers: that’s names, addresses, passwords, children’s birthdays and so on.

As we’ve said here repeatedly through the year, if your company stores data, then it’s at risk of being stolen. Recent data breaches have been accomplished by teenagers, often using relatively unsophisticated hack techniques. The important thing – other than doing your best to keep the hackers out...

Talk Talk hit by major data breach

Once again, a major data breach has hit the headlines; this time it’s Talk Talk. The company claims that ‘there is a chance that… Credit card details and/or bank details’ of up to 4 million customers may be compromised in a ‘significant and sustained cyber-attack’.

I wrote here back in July that cyber terrorists were an emerging threat, and the cyber security consultant and former Scotland Yard detective Adrian Culley told BBC Radio 4’s Today programme that a Russian Islamist group had posted online to claim responsibility for the attacks. He said that hackers claiming to be a cyber-jihadi group had posted data that appeared to be TalkTalk customers’ private information – although he stressed their claim was yet to be verified or investigated.

As Daniel Dresner, a Lecturer in Information and cyber security and governance at Manchester University’s School of Computer Science, observed on BBC ‘Breakfast’ on October 23rd – “There’s four million customers, if they (the hackers) do four million one pound transactions, that’s not a bad haul.”

Stephen Orfei, the General Manager of the PCI Security Standards Council, observed at the PCI Congress in Berlin in 2014 that payment card fraud was like a water-filled balloon: you squeeze one place and it appears someplace else. And we all know that Chip & Pin has, since its introduction in 2004, greatly reduced ‘Customer Present’ fraud in the UK. As Stephen Orfei observed, the crime isn’t going away, and why steal a single credit card when you can potentially harvest four million?

What does this mean to your business? While we acknowledge that the...