Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Carphone Warehouse breach compromises customer data and customer confidence

August 10, 2015

  • Blog
  • Archive

The personal data, including bank details, of Carphone Warehouse customers have been accessed in a "sophisticated cyber-attack". Personal details of up to 2.4 million customers may have been accessed as well as 90,000 credit and debit card records.

As the company and the Information Commissioners Office now investigates how its IT systems were compromised, it calls into question once again how prepared some of our biggest and most trusted organizations really are in the ever evolving battle against hackers and advanced cyber threats.

Andrew Avanessian, VP at endpoint security company Avecto, said that such attacks should and can be planned for and prevented:

"Though exact details on the route to entry in this attack remain fairly limited, it's likely that the retailer's detection mechanisms simply didn't flag the attack until it was too late. The result of this failure has compromised not only the credit and debit card details of some 90,000 people but also jeopardised their customer's identities, something increasingly more valuable to today's hackers and cyber criminals.

"While it's too early to start pointing the finger at other root causes, time and time again these kinds of attacks often stem from the exploitation of innocent employees through privilege abuse. For example, a hacker will find their way onto the corporate network and once there seek out employees with admin privileges, creating an open door to sensitive business information.

"It's important therefore to stress that prevention is possible. Business can and should limit their exposure to this risk by adopting a least privilege approach to user access. Business should prepare for when they are targeted, not if, and taking control of who has access to what is the obvious starting point. This approach is complemented by tight control of applications and the mitigation of internet borne malware through sandboxing, creating multiple layers of defense to prevent and protect against these kinds of threats.

"Customers of the Carphone Warehouse should also remain vigilant and not engage in unsolicited contact that requests personal or financial information. If they are unsure about what they are being asked or have reservations about the nature the contact they should hang up and make a call back to the company's official number to confirm authenticity."

Kevin Franks

Marketing Communications Manager

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

Whitepapers

Evolving Privileged Identity Management (PIM) In The 'Next Normal'

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.