Bhavesh Kumar

Senior Correspondent, IFSEC Global

August 13, 2015


Hackers Extract Bank Details of 2.4m Carphone Warehouse Customers from Website



The UK’s data protection watchdog has stepped in to investigate the causes behind the Carphone Warehouse hack that compromised the personal details of up to 2.4 million users.

The mobile phone retailer has also declared the details of another 90,000 customer credit cards to be at risk of breach.

The Information Commissioner’s Office is investigating the incident.

“We and our partners are contacting all those customers who may have been affected to inform them of the breach and to give them advice to reduce any risk and minimise inconvenience,” said Carphone Warehouse in a statement.

Customers of OneStopPhoneShop.com, e2save.com and mobiles.co.uk could also be affected. The company took down the affected websites and emailed a warning to customers when it became aware of the hack on Saturday.

Of the affected records, about 480,000 are TalkTalk Mobile customers, with the rest being Carphone Warehouse’s direct customers.

The company says additional measures have been taken to prevent a recurrence.

“The reality is that data breaches are no longer a question of if, but when,” said Mike Spykerman, VP at OPSWAT, a data services and security solutions provider.

“At least some of the information at Carphone Warehouse was encrypted, but still a lot of personal data was not. Data breaches often start with a spear phishing attack that evades detection from regular spam filters and single anti-virus engines.

“By using multiple anti-virus engines, the possibility that a spear phishing attack is detected is considerably higher. To avoid cyber attacks being successful, companies should prepare their defences by deploying several cyber security layers including device monitoring and management, scanning with multiple anti-malware engines, and advanced threat protection.”

Said Mark Bower, global director at HP Security Voltage: “Today’s new breed of encryption and tokenisation techniques can render data itself useless to attackers, yet functional to business needs. This technology, such as Format-Preserving Encryption, is proven in leading banks, retailers and payment processors who are constantly bombarded and probed by attackers.

“By securing customer and card data from capture over the data’s journey through stores, branches, databases and analytic systems, businesses can avoid unnecessary decryption required by older generation disk or database encryption techniques.

“Data can stay protected in use, at rest, and in motion, and stays secure even if stolen. Modern vetted and peer reviewed data encryption is infeasible to break on any realistic basis. It’s a win-win for business, as it can be retrofitted to existing systems without complications and business change. Attackers who steal useless data they can’t monetize quickly move on to other targets.”
