In light of the news today that Vision Direct customer card details were stolen in a data hack with 16,300 customers at risk, please see below for comment from David Emm, Principal Security Researcher at Kaspersky Lab.
David Emm, Principal Security Researcher at Kaspersky Lab:
“Today’s news of the Vision Direct breach – the data of which was obtained using a fake Google Analytics script which had been placed in its website code that let hackers breach security defences – serves a stark warning for providers to do all they can to protect their customer’s data.
“We share an alarming amount of information when we shop online, from bank account details to dates of birth, and cybercriminals are always looking to get their hands on it. One way is to capture the data as customers enter it on a web site. It’s vital that online providers develop an effective cybersecurity strategy – before they become a target. Although there is no such thing as 100% security, having appropriate IT solutions in place significantly mitigates the risk of a successful attack. The measures that businesses can take to provide thorough protection include running up-to-date software and performing regular security audits on website code and penetration testing infrastructure. This should be extended to include any processes provided by a third-party It’s crucial businesses ensure its passwords are protected using secure hashing and salting algorithms.
“While consumers have no direct control over the security of their online providers, they can mitigate the risk of a security breach of an online provider’s systems. We would recommend that everyone uses unique, complex passwords for all their online accounts, and we would also urge people to take advantage of two-factor or two-step authentication where a provider offers this.”