Cotton Traders web site hack loses thousands of credit card details

The data theft from the British clothing retailer Cotton Traders has yet again raised questions about security and data policy.

Hackers have stolen the credit card details of up to 38,000 customers from clothing firm Cotton Traders after its website was hacked, according to reports.

The attack occurred in January, resulting in the company referring the issue to Barclaycard and calling in industry security experts. Cotton Traders said that all card details were encrypted, with most cards stopped in the same month of the attack.

The firm said in a statement: "Earlier this year we identified a security issue. We immediately brought in security experts to resolve the problem.

"We would like to reassure all our customers that their data is secure and that the Cotton Traders website meets all leading industry security standards."

APACS, the trade association for the payment industry, said the attack was serious because hackers accessed details which could be used for 'card not present' fraud. It said a specialist police unit was working on the case.

The company has not issued individual notifications for the customers affected and has said that anybody concerned about the attack should talk to their card provider. However, some security experts say this is not enough.

Security vendor Symantec, in association with Ipsos MORI, recently commissioned a survey which claimed that 96 per cent of the general public would want to be notified if their details were lost by an organisation. 85 per cent said bank account details were a priority.

"Although most data breaches are accidental, the loss of personal data can have a huge negative impact on an organisation's reputation. However, in this case, the breach was intentional and the company didn't notify the affected customers to the security hacking," said John Turner, vice president for EMEA Presales at Symantec.

Turner said that data breach notification legislation would be an important step to increase levels of data security.

"[It would] ensure that organisations are aware of their requirements and obligations to disclose to customers when personal data has been lost or stolen."

The reports come only days after a Home Affairs committee said that the government needed to make sure that it kept the data it held about people to a minimum.

The Information Commissioner agreed with their view, and also said it was a priority that organisations were forced to undergo privacy impact assessments to make sure they were handling data properly.
