Marks & Spencer was forced to suspend its website after customers were able to see other people's details when they logged in to their accounts. Customers posted messages on the high street chain's Facebook page to say they could see other people's orders and payment details when they logged into their accounts. The firm said no customer's details were compromised by the "technical difficulties".

IT Security experts explain what this could mean for customers and what companies should do to prevent such glitches:

Jonathan Sander, VP of Product Strategy at Lieberman Software:

Vigilance: What can go wrong even without hackers involved? What should companies do to prevent details being released in such glitches?

Answer: “Issues like the one M&S experienced are a classic example of why quality assurance testing is so important. The M&S issue will be lumped in with data breaches and privacy, but I’m betting that’s not where it belongs. It’s likely simply some coding errors which have had a privacy impact. This is the kind of thing that only extensive, detailed test plans that are well executed will uncover.”

Vigilance: Is this just providing cybercriminals details on a plate and can they exploit this glitch further?

Answer: “Without understanding the exact nature of the flaw, it’s hard to say if bad guys could use it to gain some advantage. One thing that is sure is that given the thorough, automated approaches that today’s attackers use, if it was something that could be exploited it may already have been.”

Vigilance: How important is website security?

Answer: “As more business is done on websites and they get stuffed full of juicy bits of data used to fuel those transactions, websites will become a more serious target. Websites have always been a target because they were out in the open and easy to attack, and they have suffered from many well-known, easily exploited flaws, e.g. cross site scripting and SQL injection. In the past, though, the goal of attacking a website was often similar to the goal of graffiti. Online shopping, online banking, online everything important in our lives have changed the stakes of the game.”

Vigilance: Are customers aware of privacy issues?

Answer: “Consumer awareness of privacy and security is a mixed bag. Some are tuned into every move governments and corporations make and take their responsibility to secure their data seriously – and expect websites to do the same. Others are the people who post silly paragraphs about privacy on their Facebook status thinking that will somehow override the long, complicated legal agreements they clicked “I AGREE” on without reading. It’s fair to say that awareness is high, but understanding is low.”

Mark James, Security Specialist at IT Security Firm ESET:

Vigilance: What can go wrong even without hackers involved?

Answer: “Managing and expanding systems is not an easy task; daily work is needed to keep your systems working at optimal levels, and this can lead to hiccups or “technical difficulties” when presenting this data to those that need it.

Planning and testing is the only way to ensure these do not cause serious problems, but even this won’t stop any issues 100%, so having a clear backup plan ready for when things go wrong should always be considered.”

Vigilance: Is this just providing cybercriminals details on a plate and can they exploit this glitch further?

Answer: “It’s quite possible that more data may have been available, but how much is too much? Surely even a small snippet of private data accessible by someone who should not see it is too much, and questions need to be asked both internally at M&S and externally by the public affected to ensure this is stopped from ever happening again. It’s one thing to lose your details through a sophisticated data breach, but for a company to just give them away is just not acceptable.”

Vigilance: How important is website security?

Answer: “In this time of seemingly daily occurrences of cyber-attacks it’s important for the public to have a perception of companies doing all they can to combat this. Whilst this particular event was not “hacking” related, an awful lot of users’ first thoughts would have been that their accounts were hacked.

It’s much harder for a company to regain that trust even if no hacking had actually taken place. This is a classic example of that; the average user will be unable to clearly separate “technical difficulties” from breached or hacked accounts because they often go hand in hand when these events are disclosed.”

Vigilance: Are customers aware of privacy issues?

Answer: “It’s definitely more of a discussed subject these days. In this modern digital age virtually everything we do involves handing over details of our private lives in some form or another to be stored on someone else’s hardware using someone else’s security to protect it.

But being aware and being careful are two very different things; we need to take ownership of security problems. Whilst it is down to the companies that get hacked to protect our data, it’s also down to us to not make it so easy to use that data elsewhere.”

Vigilance: What should companies do to prevent details being released in such glitches?

Answer: “Of course companies never plan to have any public data visible to anyone who should not see it and cannot guarantee to be 100% secure but having procedures in place to monitor, resolve and rectify any such events should always be in the background ready to be put in action.

Using professional outside help should always be considered as the biggest part of stopping such problems is understanding how they can happen in the first place. Regular system testing should always be performed to hopefully find and stop any such occurrence.”
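Both experts above (Sander on detailed test plans, James on regular system testing) call for testing that would have caught customers seeing each other's orders and card details. The following Python illustration is added here and is not code from the article, M&S or either vendor: it assumes one common cause of this symptom, an account page cached by URL alone rather than per user, and shows the per-user isolation check a QA plan should include, run against both the leaking and the corrected configuration.

```python
"""Constructed illustration of a cross-user account-page leak and the QA
check that detects it. The cause (a response cache keyed only on the URL)
is an assumption for the demo, not the article's stated root cause."""
from dataclasses import dataclass, field
import uuid

# Constructed sample accounts; not real customer data.
ACCOUNTS = {
    "alice": {"orders": ["ORD-1001"], "card_last4": "1111"},
    "bob":   {"orders": ["ORD-2002"], "card_last4": "2222"},
}


@dataclass
class AccountService:
    cache_per_user: bool            # False reproduces the leak, True is the fix
    sessions: dict = field(default_factory=dict)   # token -> username
    cache: dict = field(default_factory=dict)      # cache key -> rendered page

    def login(self, user: str) -> str:
        token = uuid.uuid4().hex
        self.sessions[token] = user
        return token

    def account_page(self, token: str) -> str:
        user = self.sessions[token]
        # Bug: "/account" is the same URL for every customer, so a cache keyed
        # on the URL alone serves the first visitor's page to everyone after.
        key = ("/account", user) if self.cache_per_user else ("/account",)
        if key not in self.cache:
            acct = ACCOUNTS[user]
            self.cache[key] = (f"user={user} orders={','.join(acct['orders'])} "
                               f"card=****{acct['card_last4']}")
        return self.cache[key]


def cross_user_leaks(service: AccountService) -> list:
    """QA isolation check: log every user in, fetch their account page and
    report (viewer, leaked_user) pairs. An empty list means no leak."""
    tokens = {user: service.login(user) for user in ACCOUNTS}
    leaks = []
    for viewer, token in tokens.items():
        page = service.account_page(token)
        for other in ACCOUNTS:
            if other != viewer and f"user={other}" in page:
                leaks.append((viewer, other))
    return leaks


if __name__ == "__main__":
    print("url-keyed cache:", cross_user_leaks(AccountService(cache_per_user=False)))
    print("per-user cache: ", cross_user_leaks(AccountService(cache_per_user=True)))
```

The check is deliberately independent of the cause: whatever the bug (cache, shared state, session mix-up), a two-user isolation test run in every release pipeline turns a public incident into a failed build.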