Senior Correspondent, IFSEC Global

August 13, 2015

Hackers Extract Bank Details of 2.4m Carphone Warehouse Customers from Website

The UK’s data protection watchdog has stepped in to investigate the causes behind the Carphone Warehouse hack that compromised the personal details of up to 2.4 million users.

Details of another 90,000 customer credit cards have also been declared at risk of breach by the mobile phone retailer.

The Information Commissioner’s Office is investigating the incident.

“We and our partners are contacting all those customers who may have been affected to inform them of the breach and to give them advice to reduce any risk and minimise inconvenience,” said Carphone Warehouse in a statement.

Customers of OneStopPhoneShop.com, e2save.com and mobiles.co.uk could also be affected. The company took down the affected websites and emailed a warning to customers when it became aware of the hack on Saturday.

Of the affected records, about 480,000 belong to TalkTalk Mobile customers, with the rest being Carphone Warehouse’s direct customers.

The company says additional measures have been taken to prevent a recurrence.

“The reality is that data breaches are no longer a question of if, but when,” said Mike Spykerman, VP at OPSWAT, a data services and security solutions provider.

“At least some of the information at Carphone Warehouse was encrypted, but still a lot of personal data was not. Data breaches often start with a spear phishing attack that evades detection from regular spam filters and single anti-virus engines.

“By using multiple anti-virus engines, the possibility that a spear phishing attack is detected is considerably higher. To avoid cyber attacks being successful, companies should prepare their defences by deploying several cyber security layers including device monitoring and management, scanning with multiple anti-malware engines, and advanced threat protection.”

Said Mark Bower, global director at HP Security Voltage: “Today’s new breed of encryption and tokenisation techniques can render data itself useless to attackers, yet functional to business needs. This technology, such as Format-Preserving Encryption, is proven in leading banks, retailers and payment processors who are constantly bombarded and probed by attackers.

“By securing customer and card data from capture over the data’s journey through stores, branches, databases and analytic systems, businesses can avoid unnecessary decryption required by older generation disk or database encryption techniques.

“Data can stay protected in use, at rest, and in motion, and stays secure even if stolen. Modern vetted and peer-reviewed data encryption is infeasible to break on any realistic basis. It’s a win-win for business, as it can be retrofitted to existing systems without complications and business change. Attackers who steal useless data they can’t monetize quickly move on to other targets.”
