The punters’ bible, the Racing Post, has fallen at the first hurdle when it comes to protecting its customer data, after hundreds of thousands of online accounts were compromised during a breach late last year.
The Information Commissioner’s Office (ICO) has now forced the company to sign a commitment to improve its data security practices after 677,335 accounts were hit during the breach in October 2013.
The attack exploited existing vulnerabilities in the racingpost.com website that allowed a hacker to gain access to the company’s database of registered customers.
The information compromised included the customer’s name, address, password, date of birth and telephone number.
An investigation by the ICO found that the company had carried out penetration testing on its website in 2007. However, it failed to apply up-to-date security patches after this time, leaving a vulnerability which the attacker exploited. The ICO also found problems with the way the company stored its customers’ information.
ICO head of enforcement Stephen Eckersley said: “There is barely a day that goes by without a company being the target of an online attack. This is the modern world and businesses and other organisations must have adequate security measures in place to keep people’s information secure.
“The Racing Post pulled up short when it came to protecting their customers’ information by failing to keep their IT systems up-to-date. This data breach should act as a warning to all businesses that poor IT security practices are providing an open invitation to your customers’ details.”
As part of the undertaking, the Racing Post will introduce routine security testing and have a policy in place to ensure security updates are regularly applied by February 28, 2015.
Related stories
Breaches ‘everyday occurrences’
Half of eBay users now wary
Marketers shoulder hacking costs
Cyber gang banged up for 30 years
Gang held in Santander hack scam
Only 2% of cops can fight e-crime
Cops ‘don’t care about cyber-crime’
Staffer held over Morrisons breach
Hackers ‘get ugly’ with mega attack
Adobe data attack ‘may hit billions’
Top US stars hit by D&B breach
Foxtons hit by online hack attack
Hacking staff could wind up firm
58m rocked by Ubisoft hack attack
Racing Post pulled up over data breach http://t.co/rnt70rJfvy #dataprotection #digitalmarketing #directmarketing