Racing Post escapes ICO fine
The betting website has signed an undertaking with the UK regulator committing to improve its data security in the wake of a sophisticated cyber attack affecting 677,335 of its users’ accounts. The hackers exploited existing vulnerabilities on Racing Post’s website to access customer names, addresses, passwords, birth dates and telephone numbers. The ICO investigation into the incident uncovered the company’s failure to update security patches since 2007, leaving the site vulnerable to attack. The Racing Post avoided an ICO fine as no financial information was compromised, but has committed to introducing routine security testing and having a security policy in place by 28 February 2015.
Home Depot data breach
Cyber security experts have announced that indicators point to a massive data breach at The Home Depot that could cost the company many millions of dollars, as well as customers. The company is investigating whether data has been stolen but the breach has the potential to be bigger than that suffered by Target. Evidence of the security hack suggests that almost all of Home Depot’s 2263 stores have been targeted. Home Depot have announced that customers would not be responsible for charges made on their credit cards if the breach is confirmed, and that it would pay for customer credit monitoring if there is a breach.
300 oil and energy companies hit by cyber attack
50 Norwegian companies in the oil sector have suffered a concerted cyber attack by unknown parties, whilst another 250 remain at risk. The exact nature of the attack has not yet been disclosed but it is reported to have been a phishing attack with the aim of stealing confidential information. The National Security Authority in Norway has issued warnings to companies it believes may be targeted, including Statoil, the country’s largest oil company. The attack is the second of its kind following a hack in 2011 which exposed the commercial information of at least 10 Norwegian oil and gas companies.
FBI investigates JPMorgan attack
JPMorgan Chase and at least four other financial institutions have been hacked in a series of coordinated attacks. Investigators believe Russian hackers are behind the attacks, which broke into bank networks, siphoning data including account information. It remains unknown whether the attackers had financial motives but the FBI is currently working with the US Secret Service to determine the scope of the attack. However, cyber security experts believe concerns are overblown and that the reported incident is likely to involve run-of-the-mill attacks that financial institutions regularly fend off.
Celeb photo hack causes latest privacy storm
Apple is “actively investigating” the violation of several of its iCloud accounts, in which revealing photos and videos of Hollywood actresses were taken and posted online. Apple is yet to comment on how the attacks happened, but security experts say it appears to have been a straightforward attack which could have been avoided had additional security measures been implemented. Apple has been criticised for failing to advertise two-factor authentication to its users and for allowing unlimited password guess attempts.
Nato prepares for cyber attack
British police are engaged in a security effort greater than that for the 2012 Olympics as Nato and UK intelligence services have been put on “high alert” for a cyber attack. Nato’s cyber defence unit have been meeting with GCHQ to share intelligence assessments and to prepare for the Nato summit in Wales. The efforts come against a backdrop of growing attacks on Nato servers as the stand-off between the alliance and Russia over the crisis in Ukraine has escalated. Officials believe that the summit will be an opportunity for a large DDoS attack against Nato’s systems to discredit the alliance and to exfiltrate classified information. Meanwhile, ministers are due to ratify Nato’s new cyber defence policy to improve cyber defence governance and information sharing.
Banks to offer digital identity storage
Britain’s high street banks believe their future role will include acting as a repository for customers’ digital identities as well as their money. A report revealed how Lloyds Banking Group has been working with the Prime Minister’s office to test whether banks could offer the value-added service. The proposals would allow banks to confirm a potential customer’s identity, so that companies and public sector bodies can dispense with their own time-consuming checks.