Cash Converters Suffers Data Breach From an Old Site

The words written by Cash Converter’s Social Media team this morning, “Good morning all. We are here to answer any queries you may have until 5.30,” seem happy and pleasant enough. But their main feed has been pretty quiet ever since.

Their replies feed, however, has been pretty active – unfortunately, they are all variations of, “We are happy to discuss this with you over the phone or email.”

The company has admitted today that customer usernames, passwords and addresses may have been taken by a third party. Data breaches from live sites are embarrassing enough, but it has emerged that this unauthorised access was to an old site which is no longer in use by customers, but was still online.

Jon Topper, CEO of UK tech company The Scale Factory has said, “When migrating away from old solutions it’s important to bear in mind that old digital assets will still be running and available online until such time as they are fully decommissioned. As a result they should still be treated as ‘live’, which means maintaining a good security posture around them, keeping up with patching and so forth”

In their customer notification, Cash Converters were quick to point out that the old site was operated by a third party, possibly intending to deflect responsibility for this breach, which definitely won’t fly under GDPR regulations coming into force next year. Companies running server infrastructure that handles customer data should be engaging with experts to review their security posture ahead of that, in order to avoid being slapped with a large fine.”

With recent reports and studies suggesting that only a fraction of large UK and Multinational Organisations are ‘Highly Confident’ over GDPR compliance before next May’s deadline – and perhaps more worryingly still – only 25% of law firms surveyed are ready for GDPR, issues surrounding the security of personal data will only come under the microscope more often in the coming months.

+ posts

Meet Stella

Newsletter

Related articles

Cybersecurity and Cloud: A Look Back at 2022 and What to Expect in 2023

Businesses are continuously reassessing their resources and options to fill their tech stack. In this competitive digital landscape, the innovative use of technology will be something that would generate a competitive advantage for organisations.

Shopping for Data: Ensuring a seamless user experience 

This combination can drive a business’s data culture and provide a structured approach for businesses to benefit from data intelligence across their operations, with only a few clicks.

Unveiling the Top 10 Cybersecurity Threats to Watch Out for in 2023

As technology advances, so do cybercriminals' methods to gain unauthorised access to sensitive information. With the increasing reliance on technology in both personal and professional settings, it is crucial to stay informed about the top cybersecurity threats to watch out for in 2023.

Is sustainability ‘enough’ from a Cloud perspective?

The idea of uprooting entire sustainability initiatives that took years to formulate and deploy is unsettling for businesses but, in truth, it doesn’t have to be so revolutionary.

Endpoint management: Common challenges and trends for 2023

The surge in remote work and the growing trend of using the same mobile devices for work and leisure have challenged traditional on-premise IT management

Subscribe to our Newsletter