Almost a third of these breaches were down to organisations neglecting simple security procedures, whilst over 75% were caused by issues at the application layer, often related to out-of-date software, insecure third-party payment systems, or inadequate scanning. All of these breaches therefore contravened Payment Card Industry Data Security Standard (PCI DSS) requirements.
In one organisation, a coding error present in the website login page enabled an attacker to obtain usernames and password hashes – ultimately allowing access to the organisation’s web server. Another case saw up to 40 employees using the same password for the server, and having full admin rights to the overall system.
The analysis also revealed that the GBP 1.74 million in fines issued for these incidents by the ICO in this time period could have amounted to almost GBP 889 million under the General Data Protection Regulation (GDPR), Cyberfort Group added in their official press release.
The Paypers is the Netherlands-based leading independent source of news and intelligence for professional in the global payment community.
The Paypers provides a wide range of news and analysis products aimed at keeping the ecommerce, fintech, and payment professionals informed about the latest developments in the industry.
Current themes
No part of this site can be reproduced without explicit permission of The Paypers (v2.7).
Privacy Policy / Cookie Statement
Copyright