Following the breach at fast food chain Domino’s, in which hackers claim to be holding 600,000 customers’ data to ransom, Steve Smith, MD of data security firm Pentura, gives his analysis of the latest security breach to hit news headlines.
This week’s news that 600,000 customer records have been stolen from Domino’s yet again raises questions about just how seriously large corporations and big brands are taking data protection.
It is the second time in less than a month that we have seen customers’ personal details compromised after the records of 145 million people were affected by a breach of eBay’s networks.
For a period of time, hackers had turned their attention away from big businesses, which were seen as too tough a target, and towards smaller, less well-resourced targets. However, it would appear that in this period larger organisations have become complacent in their security practices, and hackers have been quick to refocus their efforts on big, data-rich organisations.
Although it is not certain exactly what records have been affected, it is staggering that the personal details of so many customers were seemingly left unencrypted and susceptible to this kind of attack – especially when you consider the warning shots that have been issued with previous high-profile attacks. If claims are accurate and 600,000 customer records have indeed been compromised, that is a large amount of data that should have been better protected. The possibility that a large organisation could even consider leaving data as plain text on a server is surprising, to say the least.
As a result of this attack, there is an additional risk of phishing attacks. Consumers should not underestimate the value of that data to criminals and fraudsters, nor the potential damage that they could suffer as a result. When these serious ramifications are taken into consideration, it is concerning that Domino’s took four days to alert customers to the potential risks they faced.
People should be very cautious about clicking on links in emails which claim to be from Domino’s, no matter how authentic they seem to be. There is a very real risk that attackers will try to exploit this attack by sending phishing emails to users in order to harvest more sensitive data.
It will also be interesting to see what action, if any, various industry bodies take to punish firms for bad practice. For instance, if payment card data has been left unencrypted and has been compromised, will the PCI Council move to fine organisations or stand idly by?
Businesses of all sizes should be reviewing their data handling and storage practices as a matter of urgency in the coming days and weeks to ensure that they are not unwittingly offering an easy target for hackers. This should include ensuring that all sensitive data is strongly encrypted. In addition, businesses should ensure that all employees are aware of potential threats and are up to speed with best practice, as hackers often target employees first to gain a foothold they can later exploit. Education of staff will help ensure that the organisation is adequately prepared for the risk posed by cyber-attacks.