News of the shocking Carphone data breach this month reminds us all about the vulnerability of our online data. It’s timely that this year June is also Scam Awareness Month which aims to highlight cybercrime and give advice on guarding against getting scammed.
Data breach in in major business
This month Dixons Carphone revealed that a huge data breach had occurred involving some 5.9 million payment cards and 1.2 million personal data records. The revelation was followed by real fears of hackers getting access to the data leading to a wave of cybercrime.
A branch of GCHQ, Britain’s intelligence and security service, is investigating what is one of the UK’s biggest data breaches at a single firm. The National Cyber Security Centre is working with the electrical retailer and others to look into the digital vulnerabilities.
Following the data lapse, the firm has suffered a profit slump. It has incurred a massive damage to its reputation. Existing customers are worried about their card data and personal details falling into the wrong hands while potential new customers will think twice about entrusting the company with their data.
How are Carphone customers affected?
● Access to pin codes, CCV (card verification value) security numbers and other authentication data have all potentially been compromised. However Carphone have said that attackers have not gained access to the ‘vast majority’ of these financial payment details.
● However, some 105,000 non-EU issued payment cards without chip and pin protection have been compromised. The firm has had to take action and says it has notified card companies and banks.
● Aside from the payments cards, the 1.2 million personal data records which have been accessed means that non-financial personal customer data, such as name, address or email address have potentially been leaked. Dixons insist that there is, so far, no evidence of any resulting fraud.
The shocking story is a reminder for businesses everywhere about the need to protect customer data. While the adoption of new technology brings undoubted huge advantages to businesses – for example in efficiency and sales – it’s important to pay attention to data security too.
Financial penalties for data breach
The Dixon Carphone data breach transgresses the new GDPR rules but there are claims that as the breach itself actually occurred before the new laws came into effect in May 2018, the firm may not be subject to the penalty fines which would otherwise have applied – a maximum of £17.6 million or 4% of global turnover, whichever is greater. The independent regulator, the Information Commissioner’s Office (ICO), said it was investing whether the breach is dealt with under GDPR or the previous Data Protection Act rules, under which the maximum fine imposed would be £500,000.
Shockingly, it was only in January that the regulator fined Carphone Warehouse £400,000 following a 2015 cyber-attack which exposed the personal data of more than 3 million customers. The ICO said the firm had left its systems vulnerable by failing to update its software and carry out routine testing.
Scam Awareness Month
This June is Scam Awareness Month . The aim is to raise awareness about the prevalence of scams and provide information about how people can protect themselves.
While scams of many types have long existed, the digital era has brought new opportunities for criminals intent on fraudulently getting their hands on your money or other goods. We never think it will happen to us but cyber criminals are constantly coming up with new ways of conning us.
Some of the most common digital scams include:
● Online spamming and phishing emails – these are cyberattack that try to obtain personal details, such as usernames or passwords. It could be via an email, a phone call (sometimes called a voice-phishing, or “vishing” attack), or even a text message (sometimes called an SMS-phishing, or “smishing” attack).
● Stealing payment card details and using them to make their own purchases
● Harvesting your personal data and selling them on to other online criminals
● Subscription traps – where people genuinely respond to an online advert offering a free trail for a product and have to enter their credit card details – however, the victim ends up being debited on a regular basis because they have unknowingly agreed to a ‘continuous payment authority’ (CPA), an agreement which authorises traders to take money from your account.
Scamming while shopping online
A major source of digital scamming is when we shop online. It’s important to shop securely and protect yourself.
Did you know that £660m lost each year through retail crime, at least £36m of this is due to online criminal activity? (British Retail Consortium’s Retail Crime Survey 2016).
Some tips to guard against retail scamming include:
● Don’t follow unknown links – You should never follow any unknown links that are sent to you without your expecting them. Clicking on them could mean you may be sent to an unsecure site. Be aware of how your bank would get in touch with you to inform you of any fraudulent activity. Some cybercriminals are able to imitate your bank and send you messages. If it’s an online retailer, again verify whether the email is legitimate.
● DoS or “denial-of-service” – This is one of the most common forms of cyberattack – 46 per cent of retail businesses today consider this to be a top cyber threat. This kind of attack describes a hacker temporarily – or indefinitely – taking a website out of action by overloading or “flooding” the server. This can potentially damage any data held there.
● Create a strong password – the government’s Cyber Aware scheme advises choosing three random words – be creative and choose things that are memorable to you, but avoid things such as your favourite sports team, your date of birth, or your child’s name, for example, which are quite easy to guess. A mixture of letters, numbers and symbols can be used if needed. Be sure to use a strong, separate password for your email account – so if you do get unlucky and suffer a cyberattack, the hacker won’t be able to access all your other accounts easily.
● Avoid sharing any sensitive information via public networks – This is because cybercriminals can set up fake Wi-Fi hotspots, which lets them intercept your online activity. If you use these hotspots to make a card payment, for example, criminals could gain access to your card details, meaning you could become a victim of cyber fraud or financial loss.
● Back up data – if your device is infected by a virus or malware, or accessed by a criminal, your data may be damaged, deleted or held to ransom. This means backing up your data is very important, so you have another copy. Limit the chances of cybercriminals intercepting it by making sure you don’t leave it connected to your device between back ups, and by using a secure, local network connection.
Check out the Government’s Take Five campaign for more on how to spot potential scams.
If you are the victim of a scam, the advice is to report it immediately – you can report scams on the Action Fraud website.
It’s important for businesses to be able to reassure their customers that their data is safe with them. Businesses themselves need to ensure they have taken every precaution to avoid the fate of companies in the news recently – profit loss and reputation damage. Get an IT health check by a reputable company.
360ict Ltd provides professional advice and action on tackling cybersecurity. We are an industry-leading IT support company with over a decade of experience and bring increased IT capability within the reach of all businesses.