Essential IT Security Updates - ICO are investigating a 10 million user data breach at Dixons Carphone
Hello again and welcome to our latest ‘Essential IT Security Updates’ newsletter : essential reading for IT security and data protection leaders like you wanting to stay ahead of developments and news in this ever-changing sector. This issue features more details that the ICO are investigating a 10 million user data breach at Dixons Carphone, the ICO have also hired a new director as a nod to a changing security landscape, Butlins have announced a major phishing attack resulting in 35,000 customer records being exposed and more…
As Britain faces new cyber threats, ICO appoints new executive director
“I am honoured to have the opportunity to join the ICO and lead their work in this critical area. Technological change continues to accelerate, and it is vital that the ICO remains constructively and robustly engaged as organisations innovate in the use of personal data.”
Dixons Carphone breach “under investigation” by ICO
The ICO have announced that they are investing the massive data breach from Dixons Carphone that resulted in nearly 10 million personal data records being affected. The ICO announced:
“Dixons Carphone reported a data breach to the ICO in June. The company has now confirmed that the incident affected the personal data of 10 million records, which is significantly higher than initially stated. Our investigation into the incident is ongoing and we will take time to assess this new information. In the meantime, we would expect the company to alert all those affected in the UK as soon as possible and to take all steps necessary to reduce any potential harm to consumers.”
The ICO also stated they are working with the Financial Conduct Authority and the National Cyber Crime Agency to explore the breach and the wider impact on UK citizens.
34,000 Families affected by Butlins “hack”
Family entertainment and resorts group, Butlins, has announced that it was the victim of a phishing attack that resulted in 34,000 records being stolen - with name, address, contact details and booking details being leaked. The company stated that no financial information has been compromised and apologised for the breach. The company announced:
“We would like to apologise for any upset or inconvenience this incident might cause. Butlins takes the security of our guests data very seriously and have improved a number of our security processes. We cannot be definitive at the moment with regard to whether all the data was hacked.”
The company has setup a dedicated website to help customers affected by the hack understand more about what has happened and what details may have been affected. The website is available here : https://www.butlins.com/data.aspx
Major websites flagged up as “not secure” by Chrome
The latest version of Chrome has flagged up “not secure” pop-ups for sites not using HTTPs - the secure version of the internet’s data transfer protocol system, as approved by the web’s governing body. The use of HTTPs standards is designed to improve user protection against theft and hacking. However, according to research, only 20% of the top 500 most popular websites have transferred to HTTPs. This new “not secure”warning could affect brand trust and smaller businesses should heed this warning.
The new “not secure” flag has appeared on major UK sites - from Argos, Sky Sports to Mail Online. The National Cyber Security Agency, a GCHQ division, argues:
“Securing websites, so they keep user data private, is an essential element of the modern web. There are many aspects to this, but a couple of the most important are: ensuring that users see the site they are expecting, and that their data is protected when they send it to the site. Fortunately, both of these are easily achieved using HTTPS.”
By moving to HTTPs you can help your website remain secure and trusted by consumers in an ever-changing cyber security landscape.
Don’t forget your patch updates, warns Security Week
It is a boring part of the IT security landscape but “Common Vulnerabilities and Exposures” (CVEs), are a key area within the patch management strategies. IT leaders need to understand the importance, Security Week argues, when considering patch update pathways. Vulnerabilities could be attached at any moment. Therefore, identifying and actioning these vulnerabilities through pro-active patch management strategies can help to secure IT estates from invasive cyber threats and attacks. Security Week highlights the importance of Business Risk Intelligence to help inform IT leaders about the potential risks in order to make more informed decisions.
However, Security Week argues that there are risks involved in dovetailing the BRI and the CVE in order to better understand risk. The CVE score system is often incorrectly linked to business risk when in fact BRI is the best calculation of risk within a business - and their IT estate.
One third of SMEs still not GDPR compliant
Marketing Signals research noted:
“The research shows there are many ways that businesses are admitting to not following the newly enforced GDPR. GDPR is the most fundamental change to ever happen to data privacy, so it is imperative that businesses follow this and complete the process as soon as possible. Businesses need to understand that acting responsibly and ethically with customer data is crucial to protect and enhance brand reputation and ensure customer trust. Not only this, but it will enhance the quality of data collected, which is a good thing for UK businesses."
Until next time ...