Did you read the latest Ashley Madison byline? Before the data breach it was “Life is short. Have an affair.” I think it now reads, “Life is going to be shorter when your partner finds out!” The Ashley Madison affair has highlighted just how easily data can be hacked.
A less high profile data breach was reported by the BBC a couple of days ago. An email seen by the BBC showed the personal details of 458 people from across the UK who are Thomson customers. Data items revealed were home addresses, telephone numbers and flight dates; simply the perfect information you need if you happen to be a house burglar. Thomson’s response when this data breach was revealed was to say, “We would like to apologise to our customers involved and reassure them that we take data security very seriously.” Not at all reassuring if you are about to set off on holiday not knowing whether you house will be broken into whilst you are away. Perhaps a better response might have been, “We will, of course, allow our customers whose data has been stolen from us to cancel their holidays without any penalty and offer a substantial discount on a future vacation booked with us.” Why wouldn’t Thomson do that? Surely the company doesn’t value short-term profit over long-term customer satisfaction? Very short-sighted, if you ask me.
Stolen data travels fast. Back in April the Daily Mail reported on a unique experiment. 1,568 fake sets of credit card details were released on the Dark Web and tracked. The stolen data travelled the globe. It landed in five different continents and 22 countries within just two weeks. Overall, the data was viewed more than 1,000 times and downloaded 47 times; some activity had connections to crime syndicates in Nigeria and Russia.
As I have often mentioned, travel is an information industry. When our products are sold they are just data on a computer system. When travel products are bought, the booking records are also information held on computer systems. Even if credit card numbers are pretty secure thanks to the requirement for firms to be PCI DSS compliant, there is still plenty of data sitting on travel systems that would clearly prove very useful to the criminal world, not least the dates and times when travellers’ houses will be empty.
So my questions to you are: How seriously are you taking the security of the data you hold on your computer system? Have you any idea how easily it could be stolen? Do you know how to make it less vulnerable to attack? If you don’t know the answers, I think you should be concerned. Perhaps you should be asking me or any other consultant to audit your computer system security. I wouldn’t want to see your company in the news as the latest victim of data-hackers.