Posted By: ITWiser Webmaster - Yorkshire's IT Specialists
Posted By: ITWiser Webmaster
Iceland involved in a data breach!
It has been reported by a UK security researcher that Iceland has been exposing customer’s sensitive information. The home delivery service has been doing this for months but the issue was plugged this week.
Security researcher Paul Moore went public with his findings after the frozen food giant failed to act once Moore reported the issue 12 months ago. Once the findings were made public it then finally forced the giant to take action to sort the mess out. The private reminders fell on deaf ears but after Moore went public about the issue, the flaws were resolved shortly after.
The issue or flaw in question revolved around delivery confirmation sheets and a website that is associated with Iceland. When a customer’s order is delivered by Iceland the driver hands them the deliver confirmation sheet for them to sign to accept the delivery. Moore noticed that this sheet contained personal information for other customers that were on that route. The sensitive information included names, addresses and telephone numbers. There was also an IP address at the top right of the paper that led to an insecure site, which is where all the orders are scheduled for delivery. To make matters worse when you visited the IP address it asked you for a username and password, if you click the ‘?’ it tells you the password is the 4 digit store number, this number is located on the delivery sheet aswell.
ITWiser offer a wide range of services and solutions that can help prevent issues like this from affecting you and your business. We offer internal security audits and external security audits, these audits are designed to highlight issues inside and outside your network. For more information on these or on any of our other services please get in touch today.