Expert Insight: Dark Web Criminals Selling Stolen Tesco Customers’ Account Details

A “treasure trove” of rifled personal data including user names, addresses and loyalty card balances was uncovered by the consumer campaign group. Cyber security experts say the information could be used to clone customer identities and gain illegal access to online shopping services. One seller on the dark web – hidden websites often used for illegal activities – claimed to have thousands of Tesco Clubcard account details for sale at 42p each.

Experts Comments

January 29, 2021
Trevor Morgan
Product Manager
comforte AG

In the wake of an investigation revealing a cache of PII for sale on the dark web, the computing editor of Which? appropriately calls for both businesses and individuals to pay closer attention to cybersecurity. The report underscores the meaning and purpose of January 28, which is actually Data Privacy Day. The reality is that effective technologies and best practices are readily available which can thwart incidents like this, preventing peoples’ highly sensitive data from being exposed and

.....Read More

In the wake of an investigation revealing a cache of PII for sale on the dark web, the computing editor of Which? appropriately calls for both businesses and individuals to pay closer attention to cybersecurity. The report underscores the meaning and purpose of January 28, which is actually Data Privacy Day. The reality is that effective technologies and best practices are readily available which can thwart incidents like this, preventing peoples’ highly sensitive data from being exposed and leveraged by threat actors.

 

On this Data Privacy Day, businesses need to give serious and sober thought about how data-centric security, which protects the data itself rather than the borders and perimeters around it, can be a powerful tool in their cybersecurity arsenal. In the reported incident affecting customers of Tesco, Deliveroo, and McDonald’s, had this data been tokenized prior to being breached, any sensitive data within the data set would have been effectively obfuscated. Businesses cannot keep risking situations like this when the answer is abundantly clear—you can implement effective and cost-efficient data-centric security, but you must have the desire and incentive to start that journey toward comprehensive data protection.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.