17 June 2008
Customer details taken in Cotton Traders web hack
Rob Stringer
Cotton Traders have reported that customer details were stolen in a web hack that took place earlier this year.
38 000 credit card details were allegedly stolen, although a spokeswoman for the company, founded in 1987 by former England rugby captains Fran Cotton and Steve Smith, reports the figure as being ‘substantially less’. The actual figure has not been confirmed.
Cotton Traders claim to have ‘always met leading security standards’ and maintain that banks were immediately notified of the breach, while customers were notified ‘within days’. Unfortunately, a few days provides more than enough time for hackers to put new-found data to profitable use.
Furthermore, some reports claim that customers were only made aware of the breach when their own banks contacted them.
It is not known exactly how the breach occurred, but Cotton Traders have stated that only encrypted card numbers were stolen. It has been alleged, however, that customers’ addresses were also harvested in the attack.
“[The differing reports] highlight the inconsistencies about data breaches in the UK,” Mark Bower, Voltage’s director of information protection solutions, told Infosecurity. “Having a standard process is best practice.”
Bower added that “threat profiles have changed substantially in the last five years” towards a tendency for personal data theft.
Although the data was encrypted, this does not mean the information is necessarily safe from detection.
“The PCI DSS (Payment Card Industry Data Security Standard), the main standard for protecting card holder data, does not mandate using hardware to protect encryption keys themselves,” warns Steve Brunswick, strategy manager for the Information Systems Security activities of Thales.
“If Cotton Traders' encryption keys were not protected using a hardware device, there is a danger that these too could have been stolen, enabling the fraudsters to access the data.”
Concerned Cotton Traders customers are advised to contact their bank to check for discrepancies.
Matt Hampton, senior technical specialist for Imerja, suggests customers “try and use a card dedicated to online transactions” in order to minimise risk.