
30 Days of E-Commerce Testing - Day Twenty-Four!

Day 24:

Who’s had a high profile public ecommerce failure that you’ve read about in the news?
Share it on The Club.

So here’s one that popped up recently from the poor folks at Dixons Carphone.

5.9 million card records, and 1.2 million personal records were accessed illegitimately.

That’s a big number.

As far as the card records go, no PINs or CVV numbers were recorded, and therefore the cards themselves couldn’t be accessed.
That is an important point: this is information that must never be stored!
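As an added example (not code from the original post), here is a small Python gate of the kind an order-processing service can put in front of its database: it refuses to persist any record carrying sensitive authentication data, reduces the card number (PAN) to its last four digits, and masks PAN-like digit runs that have leaked into free-text fields such as notes. The field names, the forbidden-field list and the sample orders are assumptions constructed for illustration; the underlying rule, that CVV2/CVC2, PIN data and full track data must not be stored after authorisation, comes from PCI DSS.

```python
"""Refuse to persist sensitive authentication data from a card payment record.

Added example, not from the original post. PCI DSS forbids storing sensitive
authentication data (full track data, CVV2/CVC2, PIN or PIN block) after
authorisation, and the PAN is normally reduced to its last four digits before
it is written anywhere non-encrypted. Field names below are assumptions;
real payment forms and gateways use their own.
"""
import re

# Keys that must never reach persistent storage (assumed field names).
FORBIDDEN_FIELDS = {
    "cvv", "cvv2", "cvc", "cvc2", "cid", "pin", "pin_block", "track1", "track2",
}

# A 13-19 digit run inside a free-text field is treated as a possible PAN.
PAN_PATTERN = re.compile(r"\b\d{13,19}\b")


class SensitiveDataError(ValueError):
    """Raised when a record contains data that must not be stored."""


def luhn_valid(number: str) -> bool:
    """Luhn checksum; used to tell card numbers from other long digit runs."""
    if not number.isdigit() or len(number) < 13:
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only the last four digits, the usual PCI DSS display form."""
    return "*" * (len(pan) - 4) + pan[-4:]


def sanitize_for_storage(record: dict) -> dict:
    """Return a copy of `record` that is safe to write to the order store.

    Forbidden fields raise rather than being silently dropped, so the upstream
    integration bug that sent them here is noticed instead of papered over.
    """
    safe = {}
    for key, value in record.items():
        name = key.lower()
        if name in FORBIDDEN_FIELDS:
            raise SensitiveDataError(
                f"refusing to store sensitive authentication data: {key}")
        if name == "pan":
            digits = re.sub(r"\D", "", str(value))
            if not luhn_valid(digits):
                raise ValueError("PAN failed Luhn check")
            safe[key] = mask_pan(digits)
            continue
        if isinstance(value, str) and PAN_PATTERN.search(value):
            # Mask Luhn-valid digit runs that leaked into notes, addresses etc.
            safe[key] = PAN_PATTERN.sub(
                lambda m: mask_pan(m.group()) if luhn_valid(m.group()) else m.group(),
                value)
            continue
        safe[key] = value
    return safe


# Constructed sample orders. 4111 1111 1111 1111 is the standard test PAN.
ORDER_WITH_CVV = {
    "order_id": "A-1001",
    "name": "Sample Customer",
    "pan": "4111 1111 1111 1111",
    "expiry": "12/29",
    "cvv2": "123",          # must never be stored
    "amount_gbp": "49.99",
}

ORDER_OK = {
    "order_id": "A-1002",
    "name": "Sample Customer",
    "pan": "4111 1111 1111 1111",
    "expiry": "12/29",
    "amount_gbp": "49.99",
    "notes": "customer retried with card 4111111111111111 after a decline",
}


if __name__ == "__main__":
    try:
        sanitize_for_storage(ORDER_WITH_CVV)
    except SensitiveDataError as exc:
        print("rejected:", exc)
    print(sanitize_for_storage(ORDER_OK))
```

Two design points are worth noting. Rejecting a record with CVV data rather than quietly stripping the field makes the mistake visible in monitoring, which is what you want if a front-end form or gateway integration has started sending data it should not. The free-text masking is deliberately conservative (Luhn-valid runs only), so a genuine 16-digit order reference that happens to pass Luhn would be masked too; that false positive is far cheaper than a card number sitting in a notes column.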

The personal records, though, are still a severe loss - that’s private information that should never have got out.
It could be used for social engineering, forgery or harassment.

The company is going to be fined, and the incident is being treated as a breach of GDPR.

One thing that I like to remember about these sorts of issues is that it’s very tempting to assign blame.
Their security was terrible, they should have known better, and so on.

But it’s worth remembering that the people dealing with the problem may have done their very best, and may not be the ones responsible for the breach in the first place.
When a breach like this happens, someone out there is having a bad day, and a little empathy might be in order too!

- JE