Almost a third of these breaches were down to organisations neglecting simple security procedures, whilst over 75% were caused by issues at the application layer, often related to out-of-date software, insecure third-party payment systems, or inadequate scanning. All of these breaches therefore contravened Payment Card Industry Data Security Standard (PCI DSS) requirements.
In one organisation, a coding error present in the website login page enabled an attacker to obtain usernames and password hashes – ultimately allowing access to the organisation’s web server. Another case saw up to 40 employees using the same password for the server, and having full admin rights to the overall system.
The analysis also revealed that the GBP 1.74 million in fines issued for these incidents by the ICO in this time period could have amounted to almost GBP 889 million under the General Data Protection Regulation (GDPR), Cyberfort Group added in their official press release.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. If you see a comment that you believe is inappropriate to the discussion, you can bring it to our attention by using the report abuse links. As the comments are written and submitted by visitors of the Telecompaper website, they in no way represent the opinion of Telecompaper.