RacingPost.com website – customer data theft

December 2nd, 2013 by admin

The betting and news site said the amount of customer data exposed by the breach depends on how much information each customer handed over at the time of registration, and so will vary from user to user.

The data lost in this breach might include usernames, first and last names, encrypted passwords, email addresses, home addresses and users’ dates of birth.

Because customers’ credit and debit card details are not stored on the site, the company was quick to state that such information was not accessed during the breach.

A post on the website reads “As a consequence, customers have been advised by email that they should take the precaution of changing their password on other sites if it is the same one they use for RacingPost.com”.

Although the passwords are encrypted, RacingPost.com said it is still advising users to change their login credentials because there is a risk the hackers will be able to decrypt them.

Bruce Millington, the editor of RacingPost.com, apologized to site users for any inconvenience caused, and revealed the attack on the site could be linked to others.

“Security is an area we take extremely seriously and our website has not been compromised previously. As soon as we were aware of the situation, we did everything in our power to halt the breach. As part of our efforts to resolve the issue, we have turned off the ability to register/log on to RacingPost.com. We are extremely sorry this unfortunate incident has occurred. We believe it may be part of a wider attack on a number of companies. We thank you for your patience and understanding,” Millington concluded.

Lloyd Brough, director of cyber incident responses at NCC Group, suspects the breach was caused by the exploitation of a web application vulnerability.

Brough said, “While it is positive they have been quick to disclose the breach, providing further technical details on what type of ‘encryption’ was used for the passwords would have helped further inform technical users”.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.
