The Paypers, paypers, Insight in payments, News, Reports, Events
Digital Identity, Security & Online Fraud

Exposed financial data down to deficient security measures

Friday 25 January 2019 | 11:03 AM CET

21% of fines issued by the Information Commissioner’s Office (ICO) between 2015 and 2018 involved insecure payment card data or financial information, according to Cyberfort Group.

Almost a third of these breaches were down to organisations neglecting simple security procedures, whilst over 75% were caused by issues at the application layer, often related to out-of-date software, insecure third-party payment systems, or inadequate scanning. All of these breaches therefore contravened Payment Card Industry Data Security Standard (PCI DSS) requirements.

In one organisation, a coding error present in the website login page enabled an attacker to obtain usernames and password hashes – ultimately allowing access to the organisation’s web server. Another case saw up to 40 employees using the same password for the server, and having full admin rights to the overall system.

The analysis also revealed that the GBP 1.74 million in fines issued for these incidents by the ICO in this time period could have amounted to almost GBP 889 million under the General Data Protection Regulation (GDPR), Cyberfort Group added in their official press release.
