Reading:
Online construction retailer fined for putting hundreds of its customer’s bank details at risk
Share:
online company fined

Online construction retailer fined for putting hundreds of its customer’s bank details at risk

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

The Information Commissioner’s Office (ICO) has concluded investigations into the online building products supplier, Construction Materials Online Limited (CMO), for breaching data protection principles.

The investigation first began when the online company was hacked back in May 2014.

Cyber criminals managed to identify a security vulnerability and performed an SQL injection into the company’s customer database. This method is commonly used for both destroying databases and stealing information, and in this case, it was to steal bank details from hundreds of customers.

The hackers successfully gained access to 669 customers’ details which included:

  • Full names;
  • Postal addresses;
  • Bank account numbers;
  • Security codes.

The compromised information was not encrypted.

Whilst companies may not expect iron clad security systems that are 100% secure, they do expect organisations to implement comprehensive security systems to hinder and prevent malicious hacking. According to the ICO, the CMO’s own website “contained a coding error which left it vulnerable to attack”.

This vulnerability was clearly taken advantage of.

Cyber security still not being taken seriously

As with a lot of businesses, the focus is often on getting customers and making profits, with cyber security sometimes ending up at the bottom of the pile of priorities. However, in today’s increasingly digital world, cyber security needs to be as important as making sure a gadget shop’s locks are in working order.

CMS didn’t test for vulnerabilities

Part of the ICO’s findings revealed that CMO didn’t carry out any penetration testing to check for weak spots. More security savvy companies may conduct penetration tests by asking an independent security expert to try and hack into their systems. If successful, they can patch up the weak points without risking their data to a malicious third party.

In its thorough investigation, the ICO found that CMO “did not have the appropriate technical measures in place to prevent the attack” and was therefore found in breach of data protection laws. The ICO recognises that the security flaw was more of an “oversight than an intentional attempt to bypass the law”. At the end of the day, though, there is no excuse for putting hundreds of customers at risk of potential fraud and associated dangers, and the CMO has been issued with a £55,000 fine as a result.

CMO criticised

Steve Eckersley, Head of Enforcement at the ICO, criticised the online company’s failure in its duty towards their customers:

“When people handed over their personal financial information, they rightly expected it to be safe. Construction Materials Online did not keep it safe and, as a result, exposed its customers to potential fraud. Its failure to make cyber security a top priority has proved a costly mistake.”

Ongoing risks for victims

Even though the ICO has completed its investigations and a penalty fine has been issued, the risks can remain ongoing for customers. As with the majority of data leaks, the compromised information may keep customers at risk as long as the information is still valid.

Customers of CMO are being urged to be vigilante of any suspicious activity.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon