Exposed financial data down to deficient security measures

Friday 25 January 2019 11:03 CET | News

21% of fines issued by the Information Commissioner’s Office (ICO) between 2015 and 2018 involved insecure payment card data or financial information, according to Cyberfort Group.

Almost a third of these breaches were down to organisations neglecting simple security procedures, whilst over 75% were caused by issues at the application layer, often related to out-of-date software, insecure third-party payment systems, or inadequate scanning. All of these breaches therefore contravened Payment Card Industry Data Security Standard (PCI DSS) requirements.

In one organisation, a coding error present in the website login page enabled an attacker to obtain usernames and password hashes – ultimately allowing access to the organisation’s web server. Another case saw up to 40 employees using the same password for the server, and having full admin rights to the overall system.

The analysis also revealed that the GBP 1.74 million in fines issued for these incidents by the ICO in this time period could have amounted to almost GBP 889 million under the General Data Protection Regulation (GDPR), Cyberfort Group added in their official press release.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: GDPR, PCI DSS, payment card data, financial information, IT security, fraud prevention, data security, online security, study
Countries: World