Posts

Showing posts from July, 2018

Cyber Security Roundup for July 2018

The importance of assuring the security and testing quality of third-party provided applications is more than evident when you consider an NHS reported data breach of 150,000 patient records this month. The NHS said the breach was caused by a coding error in a GP application called SystmOne, developed by UK based 'The Phoenix Partnership' (TTP). The same assurances also applies to internally developed applications, case-in-point was a publically announced flaw with Thomas Cook's booking system discovered by a Norwegian security researcher . The research used to app flaw to access the names and flights details of Thomas Cook passengers and release details on his blog . Thomas Cook said the issue has since been fixed. The Information Commissioner's Office (ICO) fined Facebook £500,000 , the maximum possible, over the Cambridge Analytica data breach scandal, which impacted some 87 million Facebook users . Fortunately for Facebook, the breach occurred before the General D...

Cyber Security Roundup for June 2018

Dixons Carphone said hackers attempted to compromise 5.9 million payment cards and accessed 1.2 million personal data records . The company, which was heavily criticised for poor security and fined £400,000 by the ICO in January after been hacked in 2015 , said in a statement the hackers  had attempted to gain access to one of the processing systems of Currys PC World and Dixons Travel stores. The statement confirmed 1.2 million personal records had been accessed by the attackers. No details were disclosed explaining how hackers were able to access such large quantities of personal data, just a typical cover statement of "the investigation is still ongoing".  It is likely this incident occurred before the GDPR law kicked in at the end of May, so the company could be spared the new more significant financial penalties and sanctions the GDPR gives the ICO, but it is certainly worth watching the ICO response to a repeat offender which had already received a record ICO fine this...