Last month we reported on the low prices for which stolen personal details can be purchased on the dark web. Company data breaches are becoming more common. Here are 5 big breaches from 2016.
Kiddicare, the online child products retailer, exposed real customer data when testing a new website in 2015. But the breach was only discovered in early 2016 when customers began to receive suspicious text messages asking them to take an online survey. Although the company admitted that contact details of 800,000 customers had been breached, they insisted that no credit card data had been compromised.
The famous accountancy firm is a FTSE-100 company, so the insider attack reported is all the more serious. The employee data of up to 280 UK corporate customers, representing a large number of individual users, was put at risk.
Perhaps the best-known breach of 2016 was seen at Tesco Bank, who had to freeze online operations after up to 20,000 customers had funds stolen from their accounts.
In fact, 40,000 accounts were compromised, with half of those having money stolen.
Tesco Bank would only confirm that the breach was subject to criminal activity, and gave no description of the means of attack.
The bank guaranteed to cover all financial losses, with chief executive, Benny Higgins, stating: ‘Any financial loss that results from this fraudulent activity will be borne by the bank. Customers are not at financial risk.’
Three, the mobile phone network, confirmed that their customer upgrade database was accessed by hackers, through an employee login.
Although the company insisted that no financial information was accessed, other information such as customers' names, phone numbers, addresses and dates of birth was obtained.
Ironically, three men have since been arrested by police in connection with the breach.
Sports Direct first noticed an internal systems compromise in September 2016, but it was not until December that they discovered the actual breach, which included names, email addresses and phone numbers of its entire workforce.
Access was gained through an unpatched content management system running on the open source DNN platform.
Although Sports Direct did notify the Information Commissioner's Office, they avoided sharing details of the breach with staff – because there was no evidence that the data had been copied.
With company data breaches increasing rapidly, you should always be cautious of any suspicious request relating to your data.