Racing Post pulls up short on IT security
From the Information Commissioner’s Office, an update and more details on the Racing Post breach:
The Information Commissioner’s Office (ICO) is warning businesses that they must be prepared for a targeted attack. The warning comes as the Racing Post signs a commitment to improve its IT security practices after 677,335 accounts were compromised during a data breach in October 2013.
The attack exploited existing vulnerabilities in the racingpost.com website that allowed a hacker to gain access to the company’s database of registered customers. The information compromised included the customer’s name, address, password, date of birth and telephone number.
An investigation by the ICO found that the company had carried out penetration testing on its website in 2007. However, the company failed to apply up-to-date security patches after this time leaving a vulnerability which the attacker exploited. The ICO also found problems with the way the company stored its customers’ information.
Read more on ICO.