Wetherspoons breach - It's not just about the card numbers

Although it is reported that “very limited” credit and debit card information was accessed in the Wetherspoons breach, it is of no less significant concern that personal details including names and email addresses may have been stolen. In fact, theft of card details is relatively easy to ‘deal with’ – they can be blocked and replaced. It’s the other – seemingly innocuous – information that can pose a bigger problem.

Details such as your mother’s maiden name, your date of birth, and where you live can be pieced together relatively easily by would-be criminals and used as bait for targeting phishing attacks and identity theft to access more sensitive information. Armed with this information, hackers can continue to commit behavioural attacks well beyond the initial breach.

In today’s data-flooded world, security is increasingly becoming a big data problem – accessing personal details is just one more step in building a large database to mine information. Businesses need to change the way they think about data protection, extending their encryption policies to cover all personally identifiable information, so it is ‘detoxified’ should it fall into the wrong hands. Without this, there’s a real danger that attackers will know much more about you than your favourite beer..

Image: Keys, Beer Flights; Lauren Topor; CC-BY-2.0