I wasn't going to blog about Carphone Warehouse being fined £400k by the ICO for a breach, because boring-boring-you've-done-this-before, but then I couldn't help myself. Carphone's offence? A data breach. Resulting from poor maintenance of cyber security on an internet-facing webserver. You remember TalkTalk? They were fined £400,000 just over a year ago. For a … Continue reading What does it take?
I am so tired of seeing stable doors bolted. It seems that anyone who has stewardship of sensitive data largely ignores that responsibility until they’ve been compromised, then rushes to spend fortunes proving how much better they’re going to do it in future. I’m looking at you, TalkTalk, but I’m also thinking of Equifax. After … Continue reading Can’t you just pretend you’ve been hacked?
And in other entirely unrelated news, we still haven't had a single report of a widespread POS malware attack on a UK retailer. Almost every US hotel chain; several very large US retailers including Walmart (Asda's parent); and so on and so forth. But never in Britain. I'm sure this is entirely unrelated to our … Continue reading Tills down at Asda…
The ICO has finally delivered its verdict in the TalkTalk hacking case. They've fined them £400k, which is a record for the current regime, and made some very telling comments - many of which echo things you'll have heard before, if you read this blog regularly. Three key take-aways, I think: £400k sounds like a … Continue reading Sometimes I love the ICO
Well, not wakes so much as stirs, mumbles, farts and rolls over, but it’s a start. What am I on about? Yesterday’s report from the Parliamentary Committee on Cyber Security. Here I go again, reading this stuff so you don’t have to. First up is the thorny issue of Board responsibility for security. I’ve talked … Continue reading The Kraken wakes
It’s hard to know what - indeed, whether - to post in the wake of the Paris attacks. I’d just come off the phone to a French client when the news broke, which made it feel all the more immediate and proximate. I wish we had a simple answer to this awful conflict; at the … Continue reading Business as usual
The TalkTalk saga grinds on. It’s abundantly clear that their security was inadequate. Even their CEO admits it, although she’s determinedly clinging on to her job – presumably some poor sucker in IT will eventually carry the can. After all, that’s what happened at Target. What’s interesting is not so much that they were hacked, … Continue reading What’s worse – poor security or poor communications?
So now we have our own Target. Details are still sketchy, but it looks as though millions of TalkTalk customers have been thoroughly compromised. From the sound of it, there were some pretty basic failures, including lack of encryption and retention of sensitive data in the same location as everything else. Was this predictable? Of … Continue reading Less TalkTalk, more action