Disaster for Three Mobile as huge data hack is disclosed

three-logo

News has emerged today that one of Britain’s biggest mobile phone companies has suffered a huge breach of its systems, exposing an estimated six million user account details to  compromise.  This represents two thirds of the company’s customer base.

Believed to have been a hack through an authorised employee login, the hackers were able to access the customer upgrade database.

A spokesman for Three said, “Over the last four weeks Three has seen an increasing level of attempted handset fraud. This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices.  We’ve been working closely with the Police and relevant authorities. To date, we have confirmed approximately 400 high value handsets have been stolen through burglaries and eight devices have been illegally obtained through the upgrade activity”.

Three added that the data accessed included names, phone numbers, addresses and dates of birth, but added that it did not include financial information. Customers whose data has been affected have not yet been informed at this time. However the speed of intercept is indicated by the revelation by the National Crime Agency that they are investigating the breach and that three people have already been arrested, two for computer misuse and one for perverting the course of justice.

With the Chancellor, Philip Hammond’s speech at the beginning of November calling on companies to do more to protect their customers against cyber crime after the series of high-profile breaches in the last few years, the commercial imperative for businesses to create stronger security measures with GDPR on the horizon shows that the need for diligence in compliance is greater than ever.

As part of its ongoing efforts to keep its customers and regional businesses best informed, Amicus ITS has been conducting a series of cyber security roadshow events to help inform and educate businesses in the region.  The next one is on Thursday 24th November 2016 at its headquarters in Totton.  For details click here

The Week’s Technology News – 28th March 2014

A little more seasoning with that sensor, Sir?
The first international factory for ingestible sensors, is to be built in the UK by US company, Proteus Digital Health.  The factory will have the NHS and the UK Government as partners.   Portable devices such as these are decentralising healthcare and will transform the way healthcare can be delivered in partnership with the patient. The technology is swallowed and the stomach fluids power the sensor by transporting it via stomach fluids.  A body worn patch sends information captured to a mobile device.  Such technologies have the potential to be transformative to healthcare, as the collection of data and mobile management tools enable diagnosis, faster assessment and more accurate treatment, linking the patient, their carer and clinician to help them stay well.  The technology will become more affordable and convenient as specialists in consumer technology are conjoining with medical technology and identifying commercial opportunity.  For an already overstretched NHS this sounds like a welcome IT technological advance.

Irritation with spammers creates collaboration amongst mobile giants and ICO
EE, O2, Three and Vodafone and the Information Commissioner’s Office (ICO) are working together to prevent nuisance text messages of spammers and fraudsters spreading across the UK’s four major mobile networks. This is being done by the mobile group signing up to the GSMA Spam Reporting Service. This will be coupled with mechanisms in real time to find the perpetrators. Those who have breached the Privacy of Electronic Communication Regulations (PECR), will have monetary penalties issued against them.  In 2012, the ICO issued a £440,000 fine to two men running a spam texting operation.  The GSMA platform will collate and analyse the details of users’ reported spam to id patterns and origins of attack. The collaborative aim of the group is to isolate and prevent spread to other networks.  The ICO is also looking to extend this into nuisance calls.  Vigilance against threats to mobile devices are an ongoing challenge for MSPs, as mobile workforces become ever more commonplace. Reducing fear and threat should certainly get the thumbs up from the marketplace.

Keep your MITs off our data
A group of MIT researchers have created a new platform for creating spy proof websites by building secure sites, services and applications, called Mylar.  This is in response to the high profile Snowden leaks of government agency incursions in the USA to capture people’s private data and to counter the increase in identify theft and hacking efforts internationally.  With Mylar, the data remains encrypted all the time in its servers and only decrypted when accessed from your computer, with correct password authentication.  The system is being tested by a group of patients in the US to share medical information with their doctors and the designers are exploring their own chat, photo sharing and calendar applications.   Whether this leads to a more commercial take up remains to be seen, as web providers may be reluctant to use a technology which restricts clients’ websites from accessing user data to serve targeted ads.

Gartner take time out to stare up at the clouds
One of Gartner’s leading Storage Technology and Strategist Directors, Valdis Fink, has been thinking afresh about how Cloud needs to develop, versus how it has been used.   For organisations, a primary benefit of Cloud has been to shift capital costs to operational costs.  SMEs who have had their own servers or back up options, are increasingly taking up the opportunity to outsource to secure data centres.  However, data centres have remained the same with centralised grid computing architecture which has got larger and the offerings cheaper, so data (and apps) has essentially just been re-centralised elsewhere. Fink maintains that real cloud computing should be location and device independent, safe and accessible from anywhere, within the internet, on peoples’ computers and devices, in data centres and in hyper-scale data centres, using information dispersal algorithms.  Such technologies are available today, which synch and secure. So the challenge for forward thinking MSPs is to drive the thinking, rather than follow major vendors to ensure your service is “leading edge” and right for your clients who have every right to expect the best.