ICYMI: Ashley Madison; TalkTalk; Contactless theft; Experian hack; Marks & Spencer
The latest In Case You Missed It (ICYMI) looks at possible Ashley Madison extortion campaign, analysing the TalkTalk attack, contactless card theft, opinion on the Experian hack and Marks & Spencer not a hack.
Possible Ashley Madison extortion campaign identified
A cyber-security company says it may have spotted a round of extortions on Ashley Madison customers from a notorious hacking group. It was expected that Ashley Madison customers might be being extorted following the site's data breach, and this is indeed now happening according to cyber-security company, Digital Shadows. [Read more]
Police are investigating a "significant and sustained cyber-attack" on TalkTalk as it emerges that the data may not have been encrypted and the site used a SHA-1 signed security certificate. Around four million TalkTalk customers' personal information may have been accessed by hackers after a sustained attack on the firm's infrastructure. The company has confirmed that some of the data was not encrypted. [Read more]
A member of the SC team has had money taken from their bank account, apparently via a contactless card theft.
"A train journey to work is a very innocuous thing. But when a man slowly bumped into me and my pocket for a bit too long, it took me a second to realise what had just happened. I called my bank and found out that said individual had managed to steal £20 from my account via a contactless card payment; my bank promptly reimbursed me." [Read more]
Experian breach is more than just another hack as cross-referencing of data sets opens up even more scope for ciminal activity says Max Vetter.
The recent theft of 15 million T-Mobile customers' personal data from credit checking organisation Experian's servers could easily be dismissed as just another hack hitting our headlines almost every day. However, just days later, the stolen data was reportedly already showing up for sale on the dark web. [Read more]
High-street retailer M&S closed its website this week following complaints from customers that they could see the details of fellow customers when they logged into their own online accounts.
The website was shut from 6.30pm (GMT) to 9pm on Wednesday night.
Personal data, including names, dates of birth, contacts and previous order details of at least one other customer were viewable, but while the company says customers' full credit card details were not among the exposed information, other reports say that the last four digits of some accounts were briefly shown. [Read more]