 |
| Firm says that it nipped breach in the bud |
Mobile Phone Seller Carphone Warehouse has joined the chorus of companies with a
confession to make, and has revealed that some of its customers need to change
their passwords. The
firm, like so many of its peers, has had a patch of passwords pickled by some
pesky people. Now known as Dixons Carphone/Carphone Warehouse, the company said
in a statement that it acted quickly once it discovered the attack and did its
best remediation work. It has even released a FAQ.
"On 5 August we
discovered that the IT systems of a division of Carphone Warehouse in the UK
had been breached by a sophisticated cyber-attack," said a spokesperson.
The INQUIRER report continues:
"This division
operates the websites OneStopPhoneShop.com, e2save.com and Mobiles.co.uk and
provides a number of services to iD Mobile, TalkTalk Mobile, Talk Mobile, and
to certain customers of Carphone Warehouse.
"We took immediate
action to secure these systems and launched an investigation with a leading
cyber security firm to determine exactly what data was affected. We have also
put in place additional security measures to prevent further attacks."
"Additional security measures" sounds like a reassuring thing for
customers to hear. And it is possible that the 2.4 million people who have had
their name, address, date of birth and bank details exposed to the hackers, or
the 90,000 who Carhose Workhouse said may have lost encrypted credit card data,
will take some solace from the additions.
Charlie Carthorse said
that the company and a collection of partners are contacting customers who
"might have been affected" and offering them advice. Anyone who shops
in Currys and PC World, which are part of the same company, can chill. Their
data doodahs are safe and sound and kept on separate systems.
Here comes the apology bit. "We take the security of customer data
extremely seriously, and we are very sorry that people have been affected by
this attack on our systems," said Sebastian James, group chief executive
of Dixons Carphone. "We are, of course, informing anyone that may have
been affected."
The security industry has
turned its attention to the incident and the announcement, and has not been
particularly complimentary.
"Many companies are
still flying blind when it comes to security, because 60 per cent think it
doesn't affect them. The truth is that it's not just a conversation for banks
or governments anymore - anyone and everyone is a potential victim of hacks and
data leaks," said Phil Barnett, EMEA VP and GM of Good Technology.
"Data is a company's
biggest asset, but many organizations haven't yet got to grips with how to
protect it in the new world order of mobile devices and cloud-based access. The
security challenge won't go away and companies need to change their mindset in
order to solve it."
Mike Spykerman, VP at
security software firm Opswat, suggested that companies must assume that they
will get attacked and make sure they have the best possible tools in place.
"The reality is that data breaches are no longer a question of if, but when. At least some of the information at Carphone Warehouse was encrypted, but still a lot of personal data was not. Data breaches often start with a spear phishing attack that evades detection from regular spam filters and single anti-virus engines," he said.
"The reality is that data breaches are no longer a question of if, but when. At least some of the information at Carphone Warehouse was encrypted, but still a lot of personal data was not. Data breaches often start with a spear phishing attack that evades detection from regular spam filters and single anti-virus engines," he said.
"By using multiple
anti-virus engines, the possibility that a spear phishing attack is detected is
considerably higher."
We say that if you used
log-in information for Carphone Warehouse on any other site then you really
ought to be out there changing your passwords.
No comments:
Post a Comment