TV Licensing admits it led 25,000 people to send unencrypted bank details

The agency previously warned that transactions carried out on its website were "not as secure as they should have been"

TV

The TV Licensing agency has admitted to directing 25,000 viewers to send bank details over an unencrypted connection.

In a statement, the organisation said tens of thousands of customers had sent personal details over an insecure HTTP connection, but that credit and debit card payments were not compromised.

The agency was criticised earlier this month for having an HTTP branch of its website, which didn't redirect to HTTPS, for handling forms for sensitive financial information. TV Licensing subsequently took its website offline as it migrated to the encrypted protocol, and advised 40,000 viewers to check their bank statements for suspicious transfers.  

"We can now confirm that fewer than 25k customers sent over unencrypted bank details and that credit and debit cards numbers were always secure," the agency said in a statement sent to IT Pro

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

In a FAQ about the reasons for TV Licensing's brief unavailability, the agency said customer payment transactions were still encrypted during the time the HTTP site was used, but that personal data such as names, addresses and bank details were not. "There is no evidence of the website being subject to any sort of attack, or anyone having acted maliciously".

12/09/18 - TV Licensing urges thousands of viewers to check bank statements after security lapse

Tens of thousands of television viewers who have entered their details on the TV Licensing website are being urged to check their bank statements for suspicious transactions following a lapse in the site's security.

It warned that from 29 August until around 3.20pm on 5 September 2018, some transactions carried out on the website were "not as secure as they should have been".

The organisation emailed 40,000 people who entered bank account and sort code details telling them to check their bank accounts for suspicious transactions and to make sure direct debits haven't been amended.

It later confirmed that it believes up to 25,000 customers sent unencrypted bank details to the site, although that credit and debit card numbers remained secure.

Advertisement - Article continues below

However, information including names, addresses, and emails is at risk because they were not encrypted when they were transmitted from customers' computers to TV Licensing.

It said in a statement that as soon as the issue was discovered "we took the website offline and fixed it. We're really sorry this happened but want to assure you that the risk to you is low and we've taken action to ensure it doesn't happen again".

Dan Pitman senior solutions architect at Alert Logic, told IT Pro that it would be prudent to cancel any direct debits and call TV Licensing to set up a new one.

"Where financial information combined with emails or other identifying factors are leaked it will enable criminals to put together different sets of data, potentially combining known passwords or personal details with that financial data," he said.

Advertisement
Advertisement - Article continues below

Ryan Wilk, vice president at NuData Security, told IT Pro that data in the wrong hands especially payment card information can have a huge impact on customers, far beyond the unauthorised use of their cards.

"Payment card information, combined with other user data from other breaches and social media, builds a complete profile," he said. "In the hands of fraudsters and criminal organisations, these valuable identity sets are usually sold to other cybercriminals and used for myriad criminal activities, both on the Internet and in the physical world." 

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now
Advertisement

Most Popular

Visit/cloud/cloud-computing/354767/google-cloud-snaps-up-multi-cloud-analytics-platform-for-26bn
cloud computing

Google Cloud snaps up multi-cloud analytics platform for $2.6bn

13 Feb 2020
Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/security/cyber-attacks/354747/apple-mac-malware-detections-overtake-windows-for-the-first-time
cyber attacks

Apple Mac malware detections overtake Windows for the first time

11 Feb 2020