Cotton Traders web site hack loses thousands of credit card details
The data theft from the British clothing retailer Cotton Traders has yet again raised questions about security and data policy.
Hackers have stolen the credit card details of up to 38,000 customers from clothing firm Cotton Traders after its website was hacked, according to reports.The attack occurred in January, resulting in the company referring the issue to Barclaycard and calling in industry security experts. Cotton Traders said that all card details were encrypted, with most cards stopped in the same month of the attack.The firm said in a statement: "Earlier this year we identified a security issue. We immediately brought in security experts to resolve the problem.
"We would like to reassure all our customers that their data is secure and that the Cotton Traders website meets all leading industry security standards."APACS, the trade association for the payment industry, said the attack was serious because hackers accessed details which could be used for card not present' fraud. It said a specialist police unit was working on the case.The company has not issued individual notifications for the customers affected and has said that anybody concerned about the attack should talk to their card provider. However, some security experts say this is not enough.Security vendor Symantec, in association with Ipsos MORI, recently commissioned a survey which claimed that 96 per cent of the general public would want to be notified if their details were lost by an organisation. 85 per cent said bank account details were a priority."Although most data breaches are accidental, the lost of personal data can have a huge negative impact on an organisations reputation. However, in this case, the breach was intentional and the company didn't notify the affected customers to the security hacking," said John Turner, vice president for EMEA Presales at Symantec.Turner said that data breach notification legislation would be an important step to increase levels of data security."[It would] ensure that organisations are aware of their requirements and obligations to disclose to customers when personal data has been lost or stolen."The reports come only days after a Home Affairs committee said that the government needed to make sure that it kept the data it held about people to a minimum.The Information Commissioner agreed with their view, and also said it was a priority that organisations were forced to undergo privacy impact assessments to make sure they were handling data properly.
Key considerations for implementing secure telework at scale
Identifying the security risks and advanced requirements of a remote workforceDownload now
The State of Salesforce 2020
Your guide to getting the most from SalesforceDownload now
Fast, flexible and compliant e-signatures for global businesses
Be at the forefront of digital transformation with electronic signaturesDownload now
Rethink your cybersecurity strategy for the new world
5 steps to secure the enterprise and be fit for a flexible futureDownload now