Security Panel: What Can We Learn From CeX Data Breach?

Earlier today, second-hand entertainment retailer CeX confirmed it had suffered a data breach that compromised the personal information of two million online customers. You can read more here, but what can our security panel take from the incident?

Raj Samani, chief scientist, McAfee Labs

“Given the increasing amount of reported data breaches, it would be simple to shrug off the news that CeX has reported a security breach as just another in a long line of companies impacted by digital crime. However, two million people will now be wondering just what the lasting impact of their personal data being disclosed will have on them.

“This concept of breach fatigue is a very real issue, and until further data becomes available that will determine whether CeX implemented the appropriate controls, we should be careful before apportioning any blame.

“One lesson is clear however, anytime you are asked for your personal data either online or offline, question whether you want yet another party to become responsible for keeping it safe.”

Mark James, security specialist at ESET

“It’s interesting to note that they stated that hackers may have also swiped encrypted data from expired credit and debit cards up to 2009 in a ‘small number of instances’. However, any payment card data that may have been stolen in the attack ‘has long since expired’ since they stopped storing financial data in 2009 – but how many of the public actually know that? If an unsuspecting user received some correspondence to update their credit card details and used the old info as a qualifier there could be a few who may fall for it!”

Javvad Malik, AlienVault

“The details are scarce, so it’s unclear how attackers gained access. Nor is it clear when this incident occurred. However, it is another reminder that all data, particularly customer data needs protecting by companies of all sizes.”

“This protection includes, not only having threat detection and response capabilities, but also to look at the appropriateness of the data that is stored. It’s surprising that CeX still stored customer card details prior to 2009. One would struggle to think of a legitimate business reason for storing expired card details and would appear to go against the Data Protection Act principles of adequacy and relevancy.”

“With GDPR looming, it is essential that companies take a hard look at the data it stores and processes and for what purposes.”

Jamie Fox, CEO ZoneFox

“The way CeX has handled the incident by taking precautionary measures and instructing users of WeBuy.com to change their passwords is exactly how businesses should be handling the situation. The attack shows, once again, how companies of all sizes need to have a holistic approach to security and the need for a 360-degree visibility into what data is being moved around on and off the network. And what’s equally important is that your employees and clients are educated with a security-aware culture instilled to help close any gaps threats look to exploit.”

Rashmi Knowles, Field CTO at RSA

“CeX are right to bring in cyber-security experts to review their processes and with GDPR on the horizon, every company should be looking at doing the same. The GDPR radically expands the definition of Personally Identifiable Information (PII) and will now include areas such as email addresses that previously weren’t covered under the [Data Protection Act].”

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.
