Not hacked this time, a researcher have discovered that Halfords is just a little too free when it comes to sharing your data with others! Chris Hatton, a cyber security consultant discovered several exploits in service emails that Halfords had sent him in the course of normal business transactions:
Halfords removes vulnerability that leaked customer details • The Register
Chris did the responsible thing and contacted Halfords, who ignored him until The Register got involved and Halfords feared the publicity.
Halfords did say that no financial data had been compromised and that they had fixed the issue. Well that’s OK – let’s not worry about the other stuff. Although there appears to be no record of the ICO having received anything from Halfords!
Here is the moral of this story
You will be taking every cyber security step you can think of and afford but if anyone raises an issue, take it seriously, investigate it and take all necessary actions. Otherwise, like Halfords, it will seem you do not care.
So what? Well if I was a threat actor reading this story, I’d pop on over to Halfords, get some new tyres, and then see what other exploits they have missed. Then there is their website. Then there is the opportunity of sending a few phishing emails into their staff…
Well you get the picture.
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
Guide to the UK General Data Protection Regulation (UK GDPR) | ICO