Posts

Showing posts from August, 2017

Cyber Security Roundup for August 2017

TalkTalk yet again made all the wrong cyber security headlines in the UK this month, after it was handed a £100,000 fine by the Information Commissioner's Office (ICO) for not adequately protecting customer records from misuse by its staff. The ICO investigated the Internet Service Provider after receiving complaints from customers, who said they received cold calls from scammers who knew their TalkTalk account information. Second-hand goods firm CeX disclosed a compromise of up to 2 million online customer accounts due to a hack, however, CeX has yet to disclose any details about the cyber attack. My blog post and advice about this is here  http://blog.itsecurityexpert.co.uk/2017/08/up-to-2-million-cex-customer-account.html Hackers had a field day taking over social media accounts, from Real Madrid and FC Barcelona to Game of Thrones , much embarrassment could have been avoided if they had adopted multi-factor authentication on the accounts, aside from the spate of...

Up to 2 Million CeX Customer Accounts Compromised by Security Breach

Image
If you are a CeX online customer, change your account password now, as the second hand UK goods chain has been informing over two million of its customers their personal details have been hacked. In a customer email CeX discloses they have been the subject of a security breach by a third party, and that's about as much detail as CeX are presently admitting about the cyber attack at the moment. Despite the CeX email referring to a " sophisticated breach of security " without any further detail about what happened, it is impossible to judge whether it was actually a sophisticated cyber attack or not. Rather oddly CeX have not forced a password change on their compromised customer accounts despite admitting account passwords were at risk.   My CeX Customer Advice Change your CeX password straight away. Ignoring the CeX website advice of using a 6 character password, which is too weak - see the Account Password section of this post below.  Alternatively you could als...

Cyber Security Roundup for July 2017

Apologises for the delay in this month's Cyber Security Roundup release, I been away on holiday and taking a breach for monitor screens and keyboards for a couple of weeks. The insider threat danger manifested at Bupa where an employee stole and shared 108,000 customer health insurance records. Bupa dismissed the employee and is planning to take legal action. The Bupa data breach was reported both to the FCA and the ICO, it remains to be seen if the UK government bodies will apportion any blame onto Bupa for the data loss.  The AA was heavily criticised after it attempted to downplay a data compromise of over 13 gigabytes of its data, which included 117,000 customer records. The AA’s huge data cache was incorrectly made available online after an AA online shop server was “misconfigured” to share confidential data backup files. A customer databreach for the World Wrestling Entertainment (WWE) should serve as a stark warning for businesses to adequately assure third ...

New Awards

Image
I've been away on holiday in sunny Bulgaria for the last couple of weeks and working on a few articles for IBM, delaying my monthly security roundup post this month. While away I was proud to learn the blog and website had been given a couple of awards.  Best Technology Blogs of 2017 by Market Inspector and an award by a panel at Feedspot . I'm not usually one for bleating on about awards as that's not the reason I started writing the blog over ten years ago, so lets put this rather narcissistic post down to having too much sun on my hols!