Thursday, 26 February 2015

Hacked Insurer Fined For Missing Patches

A British insurance company has been fined 175,000 pounds (239,000 euros) because the security updates forgot to install which customer data could be stolen. During the attack on Stay Sure attackers had access data from more than 100,000 credit cards, as well as medical data. The security of the credit cards, which is the back of the card, was also accessible.

However, this is in violation of industry rules, which state that they may not be saved. Eventually tampered with the credit cards of more than 5,000 people. It emerged that the company had no policies or procedures for checking and updating of IT security systems. In addition, the insurer password twice to update the database, so the intruder could have been prevented.

"It is inconceivable that a company with three million customer data had no procedures in place to protect that information,"says Steve Eckersley, head of enforcement at the UK Information Commissioner's Office. Eckersley hopes that the penalty as a warning to other companies will need to keep their IT security in order.

No comments:

Post a Comment