Marks & Spencer was forced to suspend its website after customers were able to see other people’s details when they logged in to their accounts. Customers posted messages on the high street chain’s Facebook page to say they could see other people’s orders and payment details when they logged into their accounts. The firm said no customer’s details were compromised by the “technical difficulties”.
Tim Erlin, Director of Security and Product Management at Tripwire:
“Hackers aren’t the only cause of data breaches. Errors in website code can accidentally disclose customer data, either as individual details or in bulk. The loss of physical devices, like laptops, can result in a data breach as well.
Websites that accept, process and use customer data continue to be targets for attackers. Even when data is encrypted behind the scenes, if the website can access and display that data, then there’s an avenue to attempt malicious access.
Organizations have to take a multi-layered approach to security. There’s no single solution that protects sensitive data. Security must span everything from hardened configurations of webservers to encrypted databases, and even employee awareness training.
The increased attention to data breaches in the media has sensitized customers to the issues involved. The average consumer is simply more aware of their own sensitive data these days.”
About Tripwire: Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.