Online shop hacks double in a year
THE number of online shops hit by serious losses of customer data has doubled in the past year as hackers try to plunder retail sites for valuable personal details, a law firm has warned.
Customers are increasingly at risk as retailers amass an increasing amount of shoppers’ personal information.
Online shopping, digital marketing and loyalty schemes mean shoppers submit more and more information to retailers that is of value to cyber criminals. Jeremy Drew, a partner at the RPC law firm, said: “Retailers are a gold mine of personal data but their highprofile nature and sometimes ageing complex systems make them a popular target for hackers.”
Figures released by the Information Commissioner’s Office show the number of retail firms reporting data breaches has doubled in just one year.
Breaches involving the loss of client data from hacking or leaking rose from 19 in 2015-16 to 38 in 2016-17.
The RPC research said: “The risks involved in data breaches are increasing in the retail industry, as retailers accumulate more and more personal information on their customers. The rise of online shopping, loyalty programmes, digital marketing and offering electronic receipts in store mean that even a small multiple retailer will be gathering exactly the kind of data that hackers will be looking for.”
Mr Drew said overhauling cyber security was a low priority at some retailers because they were already struggling with the costs of a rising minimum wage, rates increases and exchange rate falls.
British Airways, Wonga, Sports Direct and Tesco Bank are among the firms who have had high-profile data breaches in the past two years. Mr Drew said tougher data protection regulations coming into place next year would force firms to take the issue more seriously.
He said: “We do expect investment to increase both in stopping breaches occurring in the first place and ensuring that if they do happen they are found quickly and contained.
“No UK retailer wants to be in the position of some public examples who were forced to confirm that it took them nearly a year to close a data security breach.”
A Government survey of cyber attacks and breaches earlier this year found just under half of UK businesses said they had been struck in the previous years.
But a third of businesses had not spent any money trying to bolster security against attacks and a large proportion did not even have basic protections.
Wonga, the payday lender, warned in April that up to 250,000 of its customers may have had their names, addresses, bank account numbers and sort codes stolen after “illegal and unauthorised access” to some of its customers’ personal information in Britain and Poland.