The ICO will be as useless at penalising this behaviour as they are with public sector bodies. Now I do realise that cash sanctions seem to be pretty much their only recourse, but managers/execs never seem to suffer. My crystal ball shows that this will be the same here - probably (it's a little hazy on this point) with lower penalties.
Huge hack attack: UK data cops to probe Carphone Warehouse breach
Britain's data watchdog plans to investigate a massive hack attack on Carphone Warehouse's systems, which has put 2.4 million customers at risk of having their personal info ransacked by wrongdoers. On Saturday afternoon, the company coughed to the mega data breach and added that up to 90,000 subscribers may have had their …
COMMENTS
-
Monday 10th August 2015 11:36 GMT hatti
Possibly because they get a percentage of each transaction. Having said that, there is sometimes scant attention to security on some builds, partly because security is just not as sexy as selling shiny plastic and metal things until something like this happens, and partly because it is not fully understood.
-
-
Sunday 9th August 2015 17:03 GMT Doctor Syntax
I'd have thought that they would be on the hook for any losses between the breach and the notification and beyond, allowing for a margin for customers to pick up the communication and act on it. It may, of course, be covered by insurance but their insurance cover should be more expensive in the future.
At some point insurers are going to start demanding more information about the risks they're covering so the IT equivalent of an 18-year-old Ferrari driver is going to find cover much more expensive if not impossible.
-
-
Monday 10th August 2015 07:30 GMT Anonymous Coward
Every attack is sophisticated because it'll have been done in such a way whereby the developers would never have thought about doing it that way.
So, really, "sophisticated attack" is PR bullshit for "Well they hacked it in a way we didn't think was possible, because we really thought we were the dog bollocks when it came to development".
-
Monday 10th August 2015 11:58 GMT alain williams
Why I did not buy from Carphone Warehouse
I tried to buy 2 new 'phones from Carphone Warehouse a few weeks ago, an outright purchase, not on contract; I have a connection-only SIM with giffgaff. They asked for my name, address, ... I refused, saying I was buying a 'phone & saw no reason to give them all of that. They said that it was company policy to insist on the information and refused to sell anything to me without that info. I left and bought what I wanted elsewhere.
I now feel quite happy that I did insist on preserving my privacy.
-
Monday 10th August 2015 19:28 GMT JLV
naive question
is there no better way?
Why does Carphone need to store your CC info in the first place? Can't they just pass you the terminal, have it upload the transaction data and your PIN and receive a confirmation of accepted transaction from Visa in return? With a confirmation id so that the stuff can be tracked back later on if needed? No need to store any of your CC data in that case, Visa takes that role on and they have every incentive to protect it.
Why, instead of expecting anything useful out of merchant security, does Visa & all not work that way in general? Or at least maybe give a transaction cut discount to retailers doing that.
I get that Amazon wants to store your CC data, it's very convenient not to have to reenter it every time. But in a store setting you still need to provide the card physically every single time. Why store anything about it if Visa can look after that? Even store-issued cards are still managed by CC companies.
Or was this breach on the website end of things rather than the stores?
This is an honest question, I am not POS-savvy in the least.