Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd

Posts Tagged :

data breach

logo-morrisons-grocery copy

Morrisons staff sue over data breach

Grocery giant Morrisons is being sured by thousands of current and former employees in a class action over damages brought about from a data leak.

The case at London’s High Court follows a breach of security in 2014, when a former senior internal auditor, Andrew Skelton, working at the retailer’s Bradford HQ, posted the payroll information of nearly 100,000 employees on the internet.

The information included bank, salary and national insurance details, phone numbers and addresses.

Skelton was found to bore a grudge against  Morrisons and was jailed for eight years in 2015 fro fraud, securing unauthorised access to computer material and disclosing personal data.

The new case is being viewed as the first data leek class action in the UK, with legal experts agreeing that the case has potential implications for every individual and business in the country.

The trial is concerned with the use of liability, involving claims brought by 5,518 current and former Morris’s staff, who allege the company failed to prevent the leek.

The claimants also allege that the data leek exposed them to identity theft and potential financial loss, with Morrisons responsible for breaches of privacy confidence and data protection laws.

The lawsuit is being brought bylaw firm JMW Solicitors.

Discussing the case, Nick McAleenan, partner at JMW Solicitors said: “The court will decide whether Morrisons bears any legal responsibility for the misuse and disclosure of the payroll information of the many thousands of people bringing claims in this case.”

Morrisons denies liability.

CeX_Logo_Rich_black_CMYK-01 copy

Retailer CeX suffers data hack

Tech trade-in retailer CeX has suffered a data breach, which could affect top to two million of its registered website customers.

In an email to its customers, managing director David Mullins said it was investigating the breach “as a priority” and that they would be “taking a number of measures to prevent this from happening again.”

It is believed that the breach was a result of an unauthorised third party accessing CeX’s computer systems, with customer information including names, addresses, email details and phone numbers compromised.

The email by Mullins also stated that for “a small number of customers” the breach may also extend to encrypted data from expired credit cards up to 2009, although it was unlikely any payment information was taken as CeX ceased storing customer cards in 2009.

CeX is currently contacting two million of its registered website customers.

“We are taking this extremely seriously and want to provide you with details of the situation and how it might affect you,” Mullins said in the email.

“This was a sophisticated breach of security and we are working closely with the relevant authorities to help establish who was responsible. Our cyber security specialists have already put in place additional advanced measures to fix the problem and prevent this from happening again.”

CeX is asking all customers to change passwords for its Webuy online account.

“Although your password has not been stored in plain text, if it is not particularly complex then it is possible that in time, a third party could still determine your original password and could attempt to use it across other, unrelated services,” the email said. “As such, as a precautionary measure, we advise customers to change their password across other services where they may have re-used their WeBuy website password.

“We take the protection of customer data extremely seriously and have always had a robust security programme in place which we continually reviewed and updated to meet the latest online threats. Clearly however, additional measures were required to prevent such a sophisticated breach occurring and we have therefore employed a cyber security specialist to review our processes. Together we have implemented additional advanced measures of security to prevent this from happening again.”

cyber-security-1805246__340

The £1m cost of a data security breach

A new report by NTT Security has revealed that a UK business will spend more than  £1 million recovering from a data security breach.

The study of 1,350 non-IT business decision makers across 11 countries, 200 of which are from the UK, also reveals that respondents anticipate it would take, on average, almost three months (80 days) to recover from an attack, almost a week longer than the global average of 74 days. UK respondents also predict a significant impact of their organisation’s revenue, suggesting as much as a 9.5 per cent drop, which fares slightly better than the global average of nearly 10 per cent.

In the UK, business decision makers expect a data breach to cause short-term financial losses, as well as affect the organisation’s long-term ability to do business. More than two-thirds (64 per cent) cite loss of customer confidence, damage to reputation (67 per cent) and financial loss (44 per cent), while one in 10 anticipate staff losses, and nine per cent expect senior executives to resign following a security incident.

Some 63 per cent of respondents in the UK ‘agree’ that a data breach is inevitable at some point, up from the previous report’s UK figure of 57 per cent.

“Companies are absolutely right to worry about the financial impact of a data breach – both in terms of short-term financial losses and long-term brand and reputational damage,” said Linda McCormack, vice president UK & Ireland at NTT Security.

“Although this year’s £1.1m figure is slightly down on last year’s report (£1.2m), no company, regardless of its size, sector or focus, can afford to ignore the consequences of what are increasingly sophisticated and targeted security attacks, like the widespread and damaging ransomware attack we recently witnessed.“

A full copy of the 2017 Risk:Value report can be found here.