Racing Post escapes ICO fine

The betting website has signed an undertaking with the UK regulator committing to improve its data  security in the wake of   a sophisticated cyber attack affecting 677,335 of its user’s accounts.  The hackers exploited existing vulnerabilities on Racing Post’s website to access customer names,  addresses, passwords, birth dates and telephone numbers. The ICO investigation  into the incident  uncovered the company’s failure to update security patches since 2007, leaving the site vulnerable  to attack. The Racing Post avoided an ICO fine as no financial information was compromised, but has  committed to introducing routine security testing and having a security policy in place, by 28  February 2015.

Home Depot data breach

Cyber security experts have announced that indicators point to a massive data breach at The Home  Depot that could cost the company many millions of dollars and customers. The company is  investigating whether data has been stolen but the breach has the potential to be bigger than that  suffered by Target. Evidence of the security hack suggests that almost all of Home Depot’s 2263  stores have been targeted. Home Depot have announced that customers would not be responsible for  charges made on their credit cards if the breach is confirmed, and that it would pay for customer  credit monitoring if there is a breach.

300 oil and energy companies hit by cyber attack

50 Norwegian companies in the oil sector have suffered a concerted cyber attack by unknown parties,  whilst another 250 remain at risk. The exact nature of the attack has not yet been disclosed but it  is reported to have been a phishing attack with the aim of stealing confidential information. The  National Security Authority in Norway has issued warnings to companies it believes may be targeted,  including Statoil, the country’s largest oil company. The attack is the second of its kind  following a hack in 2011 which exposed the commercial information of at least 10 Norwegian oil and  gas companies.

FBI investigates JPMorgan attack

JPMorgan Chase and at least four other financial institutions have been hacked in a series of  coordinated attacks. Investigators believe Russian hackers are behind the attacks which broke into  bank networks, siphoning data including account information. It remains unknown whether the  attackers had financial motives but the FBI is currently working with the US Secret Service to  determine the scope of the attack. However cyber security experts believe concerns are overblown  and that the reported incident is likely to involve run-of-the-mil attacks that financial  institutions regularly fend off.

Celeb photo hack causes latest privacy storm

Apple is “actively investigating” the violation of several of its iCloud accounts, in which  revealing photos and videos of Hollywood actresses were taken and posted online. Apple is yet to  comment on how the attacks happened, but security experts say it appears to have been a  straightforward attack which could have been avoided had additional security measures been  implemented. Apple has been criticised for failing to advertise two factor authentication to its  users and for allowing unlimited password guess attempts.

Nato prepares for cyber attack

British police are engaged in a security effort greater than that for the 2012 Olympics as Nato and  UK intelligence services have been put on “high alert” for a cyber attack. Nato’s cyber defence  unit have been meeting with GCHQ to share intelligence assessments and to prepare for the Nato  summit in Wales. The efforts come following a backdrop of growing attacks on Nato servers as the  stand-off between the alliance and Russia over the crisis in Ukraine has escalated. Officials  believe that the summit will be an opportunity for a large DDoS attack against Nato’s systems to  discredit the alliance and to exfiltrate classified information. Meanwhile ministers are due to  ratify Nato’s new cyber defence policy to improve cyber defence governance and information sharing.

Banks to offer digital identity storage

Britain’s high street banks believe their future role will include acting as a repository for  customer’s digital identities as well   as their money. A report revealed how Lloyds Banking Group  has been working with the Prime Minister’s office to test whether banks could offer the value added  service. The proposals would allow banks to confirm a potential customer’s identity, so that companies and public sector bodies can dispense with their own time-consuming checks.