Cyber and Information Security News: Your Friday Roundup

Welcome back to your weekly update of cyber and information security news from around the globe.

Big bill for Carphone Warehouse

The Information Commissioner's Office has fined telecoms giant Carphone Warehouse £400,000 for a data breach that occurred in 2015.

The breach involved the personal data from both customers and staff, totalling more than 3 million individuals. This included names and addresses, dates of birth and payment card details.

 

What did the hackers do?

Carphone Warehouse was running their website using WordPress, which is a popular open-source content management system. It seems that Carphone Warehouse failed to update the WordPress software, leaving it vulnerable to attack.

The hackers were able to log in to the admin area of the website and access personal data, but it seems there is no evidence that the data has been used.

Elizabeth Denham said:

“A company as large, well-resourced, and established as Carphone Warehouse, should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks.”

Carphone Warehouse apologised for any distress they may have caused and promised that “since the attack in 2015 we have worked extensively with cybersecurity experts to improve and upgrade our security systems and processes.”

Frosty reception at the Winter Olympics

McAfee’s Advanced Threat Research Analysts have reported that a number of organisations involved in next month’s Winter Olympics have been targeted by malicious emails.

It seems that the hackers were attempting to trick the recipients of the emails into believing that they were from the National Counter-Terrorism Centre in South Korea. The email IP address originated from Singapore and contained an attachment written in Korean.

It is still unclear who is targeting organisations supporting the Pyeongchang Games, but the McAfee group said more attacks are likely.

When is a safe not a safe?

The iKeyp smart safe proved that it was neither smart nor safe when put to the test by the BBC.

As you can see from the video, a simple yet swift hit to the top of the unit releases the safe’s latch. The original idea behind the safe was to enable users to secure valuables in a ‘smart’ way using an app.

You simply connect the safe to your wifi and control the settings with an app on your phone. You will receive a security alert if the safe detects attempted tampering. The problem here is that it was worryingly simple to remove the safe and run off with it, as the BBC Click presenter found.

It’s a good idea on the face of it, but I think they’ll need to go back to the drawing board with this one.

Google Play Store, not a playground for kids

When downloading apps and games with names like ‘Fidget Spinner for Minecraft’ or ‘Drawing Lessons Lego Star Wars’, you don’t really expect to be exposing your children to pornographic images. Unfortunately, that’s exactly what happened.

Over 60 apps found in the Play Store were infected with the AdultSwine malware which, once downloaded, would either display x-rated imagery or steal valuable information about the user – a serious cybersecurity risk. Before the malware could be stopped, these apps were downloaded over 3 million times.

According to Google, the apps and their developer accounts have been removed from the Store.


The information in this blog is for general guidance and does not constitute legal advice.
