Reading:
Online construction retailer fined for putting hundreds of its customer’s bank details at risk
Share:
Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
The Information Commissioner’s Office (ICO) has concluded investigations into the online building products supplier, Construction Materials Online Limited (CMO), for breaching data protection principles.
The investigation first began when the online company was hacked back in May 2014.
Cyber criminals managed to identify a security vulnerability and performed an SQL injection into the company’s customer database. This method is commonly used for both destroying databases and stealing information, and in this case, it was to steal bank details from hundreds of customers.
The hackers successfully gained access to 669 customers’ details which included:
The compromised information was not encrypted.
Whilst companies may not expect iron clad security systems that are 100% secure, they do expect organisations to implement comprehensive security systems to hinder and prevent malicious hacking. According to the ICO, the CMO’s own website “contained a coding error which left it vulnerable to attack”.
This vulnerability was clearly taken advantage of.
As with a lot of businesses, the focus is often on getting customers and making profits, with cyber security sometimes ending up at the bottom of the pile of priorities. However, in today’s increasingly digital world, cyber security needs to be as important as making sure a gadget shop’s locks are in working order.
Part of the ICO’s findings revealed that CMO didn’t carry out any penetration testing to check for weak spots. More security savvy companies may conduct penetration tests by asking an independent security expert to try and hack into their systems. If successful, they can patch up the weak points without risking their data to a malicious third party.
In its thorough investigation, the ICO found that CMO “did not have the appropriate technical measures in place to prevent the attack” and was therefore found in breach of data protection laws. The ICO recognises that the security flaw was more of an “oversight than an intentional attempt to bypass the law”. At the end of the day, though, there is no excuse for putting hundreds of customers at risk of potential fraud and associated dangers, and the CMO has been issued with a £55,000 fine as a result.
Steve Eckersley, Head of Enforcement at the ICO, criticised the online company’s failure in its duty towards their customers:
“When people handed over their personal financial information, they rightly expected it to be safe. Construction Materials Online did not keep it safe and, as a result, exposed its customers to potential fraud. Its failure to make cyber security a top priority has proved a costly mistake.”
Even though the ICO has completed its investigations and a penalty fine has been issued, the risks can remain ongoing for customers. As with the majority of data leaks, the compromised information may keep customers at risk as long as the information is still valid.
Customers of CMO are being urged to be vigilante of any suspicious activity.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
