


Marks & Spencer was forced to suspend its website after customers were able to see other people's details when they logged in to their accounts. Customers posted messages on the high street chain's Facebook page to say they could see other people's orders and payment details when they logged into their accounts. The firm said no customer's details were compromised by the "technical difficulties".

IT security experts explain what this could mean for customers and what companies should do to prevent such glitches:

Jonathan Sander, VP of Product Strategy at Lieberman Software:

Vigilance: What can go wrong even without hackers involved? What should companies do to prevent details being released in such glitches?

Answer: “Issues like the one M&S experienced are a classic example of why quality assurance testing is so important. The M&S issue will be lumped in with data breaches and privacy, but I’m betting that’s not where it belongs. It’s likely simply some coding errors which have had a privacy impact. This is the kind of thing that only extensive, detailed test plans that are well executed will uncover.”

Vigilance: Is this just providing cybercriminals details on a plate and can they exploit this glitch further?

Answer: “Without understanding the exact nature of the flaw, it’s hard to say if bad guys could use it to gain some advantage. One thing that is sure is that given the thorough, automated approaches that today’s attackers use, if it was something that could be exploited it may already have been.”

Vigilance: How important is website security?

Answer: “As more business is done on websites and they get stuffed full of juicy bits of data used to fuel those transactions, websites will become a more serious target. Websites have always been a target because they were out in the open and easy to attack, and they have suffered from many well-known, easily exploited flaws, e.g. cross site scripting and SQL injection. In the past, though, the goal of attacking a website was often similar to the goal of graffiti. Online shopping, online banking, online everything important in our lives have changed the stakes of the game.”

Vigilance: Are customers aware of privacy issues?

Answer: “Consumer awareness of privacy and security is a mixed bag. Some are tuned into every move governments and corporations make and take their responsibility to secure their data seriously – and expect websites to do the same. Others are the people who post silly paragraphs about privacy on their Facebook status thinking that will somehow override the long, complicated legal agreements they clicked “I AGREE” on without reading. It’s fair to say that awareness is high, but understanding is low.”

Mark James, Security Specialist at IT Security Firm ESET:

Vigilance: What can go wrong even without hackers involved?

Answer: “Managing and expanding systems is not an easy task; daily work is needed to keep your systems working at optimal levels, and this can lead to hiccups or “technical difficulties” when presenting this data to those that need it.

Planning and testing are the only way to ensure these do not cause serious problems, but even this won’t stop all issues 100%, so having a clear backup plan ready for when things go wrong should always be considered.”

Vigilance: Is this just providing cybercriminals details on a plate and can they exploit this glitch further?

Answer: “It’s quite possible that more data may have been available, but how much is too much? Surely even a small snippet of private data accessible by someone who should not see it is too much, and questions need to be asked both internally at M&S and externally by the public affected to ensure this is stopped from ever happening again. It’s one thing to lose your details through a sophisticated data breach, but for a company to just give them away is not acceptable.”

Vigilance: How important is website security?

Answer: “In this time of seemingly daily occurrences of cyber-attacks it’s important for the public to have a perception of companies doing all they can to combat this. Whilst this particular event was not “hacking” related, an awful lot of users’ first thoughts would have been that their accounts were hacked.

It’s much harder for a company to regain that trust even if no hacking had actually taken place. This is a classic example of that; the average user will be unable to clearly separate “technical difficulties” from breached or hacked accounts because they often go hand in hand when these events are disclosed.”

Vigilance: Are customers aware of privacy issues?

Answer: “It’s definitely more of a discussed subject these days. In this modern digital age virtually everything we do involves handing over details of our private lives in some form or another to be stored on someone else’s hardware, using someone else’s security to protect it.

But being aware and being careful are two very different things; we need to take ownership of security problems. Whilst it is down to the companies that get hacked to protect our data, it’s also down to us to not make it so easy to use that data elsewhere.”

Vigilance: What should companies do to prevent details being released in such glitches?

Answer: “Of course companies never plan to have any public data visible to anyone who should not see it, and cannot guarantee to be 100% secure, but having procedures in place to monitor, resolve and rectify any such events should always be in the background, ready to be put into action.

Using professional outside help should always be considered, as the biggest part of stopping such problems is understanding how they can happen in the first place. Regular system testing should always be performed to hopefully find and stop any such occurrence.”