UK pawnbroker Cash Converters revealed, after sending emails to customers warning about the incident, that it was the victim of a data breach that could have exposed sensitive data, including customer usernames, passwords, delivery addresses, financial data and other personal details. However, credit information was confirmed to be unaffected by the breach. As of the time of publication, there is no indication of how many customers were affected, or when the attack occurred.
The company, which operates a chain of pawn shops that allow people to trade in items such as jewelry and electronics, said that the breach occurred when attackers hacked into a defunct Cash Converters website to steal the customer information. The website, which was replaced by a newer one in September of this year, allowed users to purchase the company’s offerings online. The culprits apparently sent an email to Cash Converters, warning that the data would be released publicly unless a ransom was paid.
Cash Converters announced that it is currently working with UK law enforcement agencies to address the data leaks. It also mentioned that its current website is more secure and was tested for security flaws as part of its development. As a precautionary measure, the company also implemented a forced password reset for all of its UK customers. In addition, users who notice anything suspicious are encouraged to report it to Cash Converters or the UK’s anti-fraud organization, Action Fraud.
While data leaks and potential data exposure, especially via vulnerability exploitation, have become more commonplace recently, due in large part to their profitability, organizations can still rely on tried and true methods to protect their customers’ data. This includes thoroughly testing websites for any potential vulnerabilities and security flaws that can be exploited by criminals. This holds true even for older websites, which might be less secure due to the use of older technology or simply due to a lack of security focus during development. Companies should also create contingency measures in case something does happen. This includes appointing a contact person and creating disclosure strategies, as well as a mobilization plan that addresses the breach both internally and externally.
Perhaps the most effective method of securing customer data is updating and patching all software related to the online company assets that store this data. Whether it's operating systems, website development tools or web servers, updating can help prevent exploitation of vulnerabilities that can lead to data breaches.
Organizations still relying on older software and setups can look into virtual patching, as it can protect their older systems from vulnerability exploits. It comes with intrusion protection technologies, which can help prevent exploit-driven attacks. Virtual patching can be done via comprehensive security products such as Trend Micro Deep Security, which provides protection for millions of physical, virtual, and cloud servers around the world.