Sunday 9 November 2014

ICO warns organisations about cyber security. Could you be at risk?

The Information Commissioner's Office has suggested that organisations need to act to ensure that the information collected via their websites is secure. This follows an incident in which a hotel booking website was hacked and the details of 3814 customers were accessed. You can read the full ICO comment here.

This isn't the first incident of a website being hacked for its customer details. In May 2014, eBay was targeted by hackers and advised all its account holders to change their passwords.

In April 2012, the British Pregnancy Advisory Service website was hacked and the name and logon details of the administrator were leaked. At the time the ICO said, “Ignorance is no excuse. It is especially unforgiveable when the organisation is handling information as sensitive as that held by the BPAS. Data controllers must take active steps to ensure that the personal data they are responsible for is kept safe.”

Ernst and Young have researched cyber attacks and produced a report. Cyber threats are regularly reported in the media and this indicates that attacks are becoming more sophisticated and persistent. If your organisation has not experienced an attack yet, it will no doubt be targeted.

PWC reports that cyber attacks have increased 41% over the last year and the report shows that most attacks are undertaken by current employees.

Both the PWC and Ernst and Young reports are interesting and show the importance of ensuring appropriate security and policies are in place.

If you would like some help identifying any potential weaknesses, please contact me at Lesley@audit-and-risk.co.uk. I shall be happy to help.