Weekly podcast: Hard Rock breached, Plymouth teen in court, terrorist database exposed, and Brexit…

This week, we discuss the second breach to hit Hard Rock Hotel & Casino in just over a year, a Plymouth teenager in court for carrying out DDoS attacks, a database of terrorists exposed to the Internet, and what the referendum means for cyber security.

Hello and welcome to the IT Governance podcast for Friday, 1st July. Here are this week’s stories.

Hard Rock Hotel & Casino in Las Vegas has been hit by another data breach through its payment card system. According to a statement, “payment card data that included cardholder name, card number, expiration date, and internal verification code” was compromised by card-scraping malware that reportedly stayed on Hard Rock Hotel’s systems for five months between October 2015 and March 2016. This is the second card breach Hard Rock Hotel has suffered in just over a year. Last May, the popular resort revealed that it suffered a seven-month-long breach from September 2014 to April 2015, in which customers’ credit card numbers and CVV security codes, names, and addresses were stolen by criminals.

A 16-year-old boy from Plymouth has admitted carrying out cyber attacks on Devon and Cornwall Police, Florida’s SeaWorld theme park, and a number of other websites that, according to the BBC, were related to dolphin hunting. The boy – who cannot be named because of his age – appeared before the city’s youth court to answer charges under Section 3 of the Computer Misuse Act. The offences, which were committed between October 2014 and January 2015, relate to denial of service attacks. He also denied two charges of tweeting bomb hoaxes to American Airlines and Delta Airlines. Judgment is due next Wednesday.

A two-year-old version of the World-Check database, used by global banks and intelligence agencies to identify individual terrorists and terrorist organisations, is exposed to the public Internet, according to security researcher Chris Vickery. The Register reports that the Thomson Reuters database “contains some 2.2 million records and is used by 49 of the world’s largest 50 banks, along with 300 government and intelligence agencies”, and warns of the consequences of a high-profile leak of the sensitive information as it contains citizens’ “alleged criminal histories and terrorist links”. An August 2015 BBC investigation revealed that the service had inaccurately designated citizens and organisations as terrorists, leading to banks “effectively locking people out of vast swathes of the global banking system”. Thomson Reuters denies that the service is controversial.

Well, that’s it for this week. Oh, no – there’s one more thing. We’ve voted to leave the European Union! On an individual level this is still a very emotive subject, but there’s one point I’d like to emphasise, and will continue to emphasise: cyber crime is not a political issue; it’s a business issue. Irrespective of whether you voted to leave or remain, there’s a lot your business will have to deal with over the coming months and years. It’s a time of great uncertainty – and business hates uncertainty. And as organisations struggle to come to terms with the implications of the referendum result, cyber criminals are carrying on as normal – after all, the opportunities to exploit are as abundant as ever, if not increased. Indeed, a recent survey conducted by AlienVault found that 38% of IT professionals believe leaving the EU will make the UK more susceptible to cyber attacks.

As IT Governance’s founder and executive chairman Alan Calder commented: “In these turbulent times, all organisations need to do everything they can to ensure they survive. That’s why it’s essential to continue investing in best-practice cyber defences to combat the growing cyber threat.” Remember, too, that as far as data security is concerned, businesses in the UK will still need to comply with the EU General Data Protection Regulation when it comes into force in May 2018 if they want to continue trading with Europe. Find out more about the new Regulation at itgovernance.co.uk/gdpr. For free information security guidance, go to itgovernance.co.uk/infosec.

That really is it for this week. Don’t forget to comment below, telling us a bit about yourself and what you want to hear more of. And until next time, remember that you can keep up to date with the latest information security news on our blog. And whatever your cyber security needs – whether regulatory compliance, stakeholder reassurance or just greater business efficiency – IT Governance can help your organisation to protect, comply and thrive. Visit our website for more information: itgovernance.co.uk.