UK Edition
Cyber attacks on online retailers double in a year as hackers try to steal shoppers' details
The numbers of online shops hit by serious losses of customer data has doubled in the past year as hackers try to plunder retails sites for valuable personal details, a law firm has warned.
Customers are increasingly at risk as retailers amass ever growing collections of their shoppers’ personal information.
Online shopping, digital marketing and loyalty schemes mean shoppers submit more and more information to retailers that is of value to cyber criminals.
Jeremy Drew, a partner at the RPC law firm, said: “Retailers are a goldmine of personal data but their high profile nature and sometimes aging complex systems make them a popular target for hackers.”
Figures released by the Information Commissioner’s Office show the number of retail firms reporting data breaches has doubled in just one year.
Breaches involving the loss of client data from hacking or leaking rose from 19 in 2015/16 to 38 in 2016/17.
The RPC research said: “The risks involved in data breaches are increasing in the retail industry, as retailers accumulate more and more personal information on their customers.
“The rise of online shopping, loyalty programmes, digital marketing and offering electronic receipts in store mean that even a small multiple retailer will be gathering exactly the kind of data that hackers will be looking for.”
Mr Drew said overhauling cyber security was a low priority at some retailers because they were already struggling with the costs of a rising minimum wage, rates increases and exchange rate falls.
British Airways, Wonga, Sports direct and Tesco Bank are among firms who have had high profile data breaches in the past two years.
Mr Drew said tougher data protection regulations coming into place next year would force firms to take the issue more seriously.
He said: “We do expect investment to increase both in stopping breaches occurring in the first place and ensuring that if they do happen they are found quickly and contained.
“No UK retailer wants to be in the position of some public examples who were forced to confirm that it took them nearly a year to close a data security breach.”
A Government survey of cyber attacks and breaches earlier this year found just under half of UK businesses said they had been struck in the previous years.
But a third of businesses had not spent any money trying to bolster security against attacks and a large proportion did not even have basic protections.
Wonga, the payday lender, in April warned that up to a quarter of a million customers of its customers could have been seen their names, addresses, bank account numbers and sort codes stolen after "illegal and unauthorised access" to some of its customers' personal information in both Britain and Poland.
When Tesco Bank was successfully hacked in 2016, the accounts of one in three customers were compromised in what is believed to have been the biggest cyber attack on a British bank to date.
Around 40,000 accounts were compromised and money stolen from 20,000 customers.