If they do hack you, make sure it’s not worth their while
2015 will doubtless be viewed by many as the year of the big data breach; through the year we’ve learned of massive data breaches that have compromised the data of hundreds of thousands of individuals.
Most recently we’ve seen announcements of data breaches from the British pub chain ‘J D Wetherspoon’ and the hi-tech toy manufacturer ‘VTech’.
The Wetherspoon hack, according to the email sent out by the company’s CEO – John Hutson – took place between 15th and 17th June against the company’s website – which has subsequently been replaced.
While personal data of some 650,000 customers may have been compromised – names, addresses and dates of birth and so on, only around 100 customers card details were compromised – those that had bought vouchers online. And Wetherspoon’s report that they only stored the final 4 digits of payment card data, so full card data could not have been compromised. Phew!
So, no payment card data compromised, but potentially rich pickings for identity thieves.
And I suspect that J D Wetherspoon will be getting a visit from the Information Commissioner’s Office.
Similarly the data breach at VTech’s ‘Learning Lodge’ app store compromised the personal details of five million customers, that’s names, addresses, passwords, children’s birthdays and so on.
As we’ve said here repeatedly through the year, if your company stores data, then it’s at risk of being stolen. Recent data breaches have been accomplished by teenagers, often using relatively unsophisticated hack techniques.
The important thing – other than doing your best to keep the hackers out – is to devalue any data they might steal.
Payment card data is the most obvious, but by not storing data that could be of value to hackers then you’re reducing the risk to your company and your customers.
And that has got to be a good thing.
Give us at Compliance3 a call, let us see he we can help you.