FIRM HIT BY CYBER-ATTACK FINED £60,000

A UK SME has been fined £60,000 by the Information Commissioner’s Office following a 2014 cyber-attack in which more than 26,000 customer details were accessed. Boomerang Video Ltd failed to take basic steps to stop its website being attacked by the hacker, who used a common technique known as SQL injection to access the data. Among the company’s failings, it neglected to carry out regular penetration testing on its website, failed to ensure the password for the account on the WordPress section of its website was sufficiently complex, had some information stored unencrypted, failed to keep the decryption key secure for encrypted information and held encrypted cardholder details and CVV numbers on its web server for longer than necessary.

BACK TO NEWS
CONTACT US

If you want to discover how you could do more with your data, get in touch with Xynics.