Wetherspoons hackers steal personal data of 656,000 British Customers - expert comment
December 2015 by cyber security experts
Reports are slowly starting to appear regarding a breach at Wetherspoons, one of the UK’s largest pub chains. The site’s customers database – which includes names, dates of birth, email, addresses and phone numbers of 656,000 Britons – was breached in June. But Wetherspoons officials were only told about the hack by security experts earlier this week. The cyber criminals also stole credit card and debit card data from pub-goers who bought vouchers from the JD Wetherspoon site. Please see below for commentary from Andy Heather, VP EMEA at HPE Security - Data Security.
"When it comes to your data, remember it’s not a matter of "if" it will be compromised - it’s a matter of "when". Even the best security systems in the world cannot keep attackers away from sensitive data in all circumstances. When a company is collecting, using, and storing sensitive information about their customers, the risk is to the data itself. Therefore, a company needs to assume that all other security measures may fail, and the data itself will be the primary focus of the attack. It is important that businesses follow best practices of encrypting all sensitive personal and financial data as it enters a system, at rest, in use and in motion. The ability to render data useless if lost or stolen, through data-centric encryption, is an essential benefit to ensure consumer data remains secure. It is critical to note that this protection needs to include all potentially sensitive information such as customer’s name and address, and not just financial-related data. A data-centric approach to security is the industry-accepted cornerstone needed to allow companies to mitigate the risk and impact of cyber attacks and other attempts to get this information. A data-centric strategy delivers and maintains protection on the data itself, so that even when a traditional security technology (one protecting the container) fails, the underlying data itself is still protected, and can remain protected wherever that data enters, wherever it moves and however it is used.”