The Information Commissioner’s Office (ICO) has warned businesses to avoid the ‘oldest trick in the book’ used by hackers to infiltrate websites: SQL injection.
The ICO made the warning after fining travel company Worldview Limited £7,500 for suffering such an attack, in which hackers made off with payment card details on 3,814 customers.
The ICO report explains that inadequacies in the company’s website made it easy for the hackers to break in, and that the company had not provided the necessary security training for staff.
“There was a lack of relevant training in security matters for developers, and insufficient oversight and checking of their work,” the report noted.
The ICO also criticised the fact that the weakness in the website had existed since May 2010 but was uncovered only during a routine update on 28 June 2013.
The ICO said the fine would have been £75,000 given its seriousness, but that this would have caused the company “undue financial hardship”.
The case follows two other high-profile SQL injection attacks against The Racing Post website and another travel company, Think W3, which was fined £150,000.
Simon Rice, ICO group manager for technology, said that the IT security industry may be “surprised” to find SQL injection attacks being used, but that companies must wake up to the fact and act accordingly.
“SQL injection attacks are preventable but organisations need to spend the necessary time and effort to make sure their website isn’t vulnerable,” he said.
“Organisations must act now to avoid one of the oldest hackers' tricks in the book. If you don’t have the expertise in-house, then find someone who does, otherwise you may be the next organisation on the end of an ICO fine and the reputation damage that results from a serious data breach.”
New Vikendi map adds snow, snowmobiles and new aural and visual twists
Faults and bad weather ground SpaceX, Blue Origin, Arianespace and United Alliance
New regulation expected to cut greenhouse gas emissions by about 17 million metric tonnes between 2020 and 2050
Molybdenum ditelluride is a two-dimensional material that can be easily stacked into multiple layers to create a memory cell