Devaluing Data

If they do hack you, make sure it’s not worth their while

2015 will doubtless be viewed by many as the year of the big data breach; through the year we’ve learned of massive data breaches that have compromised the data of hundreds of thousands of individuals. Most recently we’ve seen announcements of data breaches from the British pub chain ‘J D Wetherspoon’ and the hi-tech toy manufacturer ‘VTech’. The Wetherspoon hack, according to the email sent out by the company’s CEO – John Hutson – took place between 15th and 17th June against the company’s website – which has subsequently been replaced. While personal data of some 650,000 customers may have been compromised – names, addresses and dates of birth and so on – only around 100 customers’ card details were compromised – those that had bought vouchers online. And Wetherspoon’s report that they only stored the final 4 digits of payment card data, so full card data could not have been compromised. Phew! So, no payment card data compromised, but potentially rich pickings for identity thieves. And I suspect that J D Wetherspoon will be getting a visit from the Information Commissioner’s Office.

Similarly, the data breach at VTech’s ‘Learning Lodge’ app store compromised the personal details of five million customers: that’s names, addresses, passwords, children’s birthdays and so on. As we’ve said here repeatedly through the year, if your company stores data, then it’s at risk of being stolen. Recent data breaches have been accomplished by teenagers, often using relatively unsophisticated hack techniques. The important thing – other than doing your best to keep the hackers out...

Data breach hits Hilton Worldwide hotel chain

Point of Sale terminals may have compromised customers’ card details.

Computer Weekly has today reported that Hilton International has identified malware on its Point of Sale (PoS) terminals that may have compromised customers’ card details. This isn’t unique to Hilton Hotels; similar data compromises have recently been identified at the Mandarin Oriental Group, the Las Vegas Hard Rock Hotel & Casino, the Las Vegas Sands Casino and Trump Hotels. As a precautionary measure, the Hilton hotel group advised customers to review and monitor their payment card statements if they used a payment card at a Hilton Worldwide hotel between 18th November and 5th December 2014, and between 21st April and 27th July 2015.

We at Compliance3 don’t often speak about Point of Sale (or ‘Customer Present’) fraud. According to the UK Cards Association, “Card Fraud losses in 2012 were down 75 per cent since the peak losses of £218.8 million in 2004, prior to the roll out of Chip & PIN in the UK.” But payment streams are inextricably linked – the criminals won’t be going away any time soon – and as ‘Chip & Pin’ gets rolled out across the United States it is expected that ‘Customer Present’ fraud will follow the UK experience and fall significantly. However, as ‘Customer Present’ fraud falls, it is anticipated that ‘Customer Not Present’ fraud will increase – to an estimated $6.4bn in 2018 across the United States. And contact centres – payments by telephone – continue to be seen as a target for criminals. According to Detective Chief Inspector Derek Robertson of Strathclyde Police, “We know of organised crime groups...

Talk Talk Data Breach – update

Now we know the size, scope and costs of the October data breach

Now that the dust has settled over October’s Data Breach at Talk Talk we now have ‘the facts’. Contrary to initial reports, it now transpires that the breach was not, as first reported, instigated by cyber-terrorists, but by a bunch of disaffected teenagers. I’m not sure which prospect is more disconcerting. The facts as now reported are that the ‘significant and sustained’ breach compromised the details of nearly 157,000 customers and 15,600 bank sort codes and account numbers. 28,000 credit card numbers were leaked, but these had been obscured and thus could not be used for payment transactions; they could, however, be used by spammers to add credibility when making calls to Talk Talk customers. Given that personal data was compromised, and that it’s not the first time that Talk Talk have been hacked, it’s likely that they will be penalised by the Information Commissioner’s Office.

It’s now likely that 2015 will be seen as the year of the data breach; Theresa May, the Home Secretary, recently told Parliament that “90% of large organisations suffering an information security breach last year”. We help businesses to reduce their exposure by ensuring that payment card data never enters their data environment; in simple terms, even if your company suffers a data breach, your customers’ payment card data can’t and won’t be compromised. Give us a call, let’s see how we can help...

Talk Talk hit by major data breach

Once again, a major data breach has hit the headlines; this time it’s Talk Talk. The company claims that ‘there is a chance that… Credit card details and/or bank details’ of up to 4 million customers may be compromised in a ‘significant and sustained cyber-attack’. I wrote here back in July that cyber terrorists were an emerging threat, and the cyber security consultant and former Scotland Yard detective Adrian Culley told BBC Radio 4’s Today programme that a Russian Islamist group had posted online to claim responsibility for the attacks. He said that hackers claiming to be a cyber-jihadi group had posted data that appeared to be TalkTalk customers’ private information – although he stressed their claim was yet to be verified or investigated.

As Daniel Dresner, a Lecturer in Information and cyber security and governance at Manchester University’s School of Computer Science, observed on BBC ‘Breakfast’ on October 23rd – “There’s four million customers, if they (the hackers) do four million one pound transactions, that’s not a bad haul.” Stephen Orfei, the General Manager of the PCI Security Standards Council, observed at the PCI Congress in Berlin in 2014 that payment card fraud was like a water-filled balloon: you squeeze one place and it appears someplace else. And we all know that Chip & Pin has, since its introduction in 2004, greatly reduced ‘Customer Present’ fraud in the UK. As Stephen Orfei observed, the crime isn’t going away, and why steal a single credit card when you can potentially harvest four million? What does this mean to your business? While we acknowledge that the...