Brand owners have been warned to brace themselves for a spate of ransom demands from hackers – and bolster their online defences – following this week’s attack on the Domino’s Pizza customer database.
Security experts claim the move – in which hackers have demanded a €30,000 ransom to prevent them releasing more than 600,000 customer details from Domino’s in France and Belgium – could be the tip of the iceberg.
The rise of so-called “ransomware” has been well documented, but has so far been limited to individuals rather than companies. The new threat of firms being held to ransom, however, is a worrying trend, said Voltage Security vice-president of Europe Andy Heather.
“The value of personal data continues to be recognised by hackers, who are now attempting to use the data to hold companies to ransom”, he explained. “The theft of information such as credit card or account information has a limited lifespan – until the victim changes the account details – but the personal data that can be obtained has a much broader use and can be used to commit a much wider range of fraud and ID theft, and simply cannot be changed.”
This means that personal data has a much greater value; the black market price for a single stolen credit card is around $1, but increases to $500 if sold with a full identity profile.
“This breach highlights a need for companies to place tighter controls on how their customers’ sensitive information is stored and protected,” added Heather, despite conceding that even the best security systems in the world cannot prevent the theft of sensitive data in all circumstances.
“Companies need to assume that all other security measures may fail, and the data itself, including all personal data, must be a primary focus for protection, usually through encryption,” he said.
Domino’s has so far resisted the demand for cash from the Rex Mundi hacking group, but one industry source sees the move as one of the biggest threats to customer data for years.
He said: “The hacking community knows all too well that the EC is proposing huge fines for data breaches, so it knows there will be some companies willing to cough up to prevent the authorities finding out. This potentially forces data breaches under the radar.”
Last summer, MPs sitting on the Home Affairs Select Committee claimed the true scale of online crime in the UK was being vastly under-estimated because the majority of criminal activity still goes unreported.
At the time, committee chairman Keith Vaz said: “We are not winning the war on online criminal activity. We are being too complacent about these e-wars because the victims are hidden in cyberspace.
“You can steal more on the Internet than you can by robbing a bank. If we don’t have a 21st Century response to this 21st Century crime, we will be letting those involved in these gangs off the hook.”