Almost a third of these breaches were down to organisations neglecting simple security procedures, whilst over 75% were caused by issues at the application layer, often related to out-of-date software, insecure third-party payment systems, or inadequate scanning. All of these breaches therefore contravened Payment Card Industry Data Security Standard (PCI DSS) requirements.
In one organisation, a coding error present in the website login page enabled an attacker to obtain usernames and password hashes – ultimately allowing access to the organisation’s web server. Another case saw up to 40 employees using the same password for the server, and having full admin rights to the overall system.
The analysis also revealed that the GBP 1.74 million in fines issued for these incidents by the ICO in this time period could have amounted to almost GBP 889 million under the General Data Protection Regulation (GDPR), Cyberfort Group added in their official press release.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now