The review should be about 300 words (a full page document). Please organize and

Question

The review should be about 300 words (a full page document). Please organize and elaborate your points. If you feel you need more than 300 words - you are free to do so (but make sure your points are not off-tangent). You will not get extra points for writing a mini-novel. Your grade is based on how well you synthesize the points in the article (including how you express your opinion, thoughts or understanding).

This dropbox utilizes an originality checker that will detect copied text. In your review, briefly summarize the article, provide things that you learned from the article, and then explain how the article might help you in your cyber security career. Since quality written communication skills are required in all cyber-related vocations, spelling and grammar will be graded in this assignment. Please insure that your review is written according to the highest grammatical standards.

Dixons Carphone data breach – millions put at risk of fraud

Once again a large company has suffered a huge data breach, putting millions of innocent customers at risk.

Customers of British popular high street stores Currys PC World, Carphone Warehouse, and Dixons Travel have been warned that a huge data breach has occurred involving 5.9 million payment cards and the personal data records of 1.2 million individuals.

Parent company Dixons Carphone said in a statement that an review of its internal systems uncovered a security breach at one of the processing systems used by Currys PC World and Dixons Travel stores.

According to reports, the breach – which has only just been made public – could have occurred as far back as 2016.

What makes the breach particularly serious is that often hacking incidents will involve the exposure of users’ personal information (such as names, email addresses, or even passwords) but *not* their payment information.

With the Dixons Carphone hack, however, things are different – with almost six million payment card details ending up in the hands of hackers.

The only silver lining on the cloud is that Dixons Carphone says that the majority of the breached cards have chip and pin protection:

5.8m of these cards have chip and pin protection. The data accessed in respect of these cards contains neither pin codes, card verification values (CVV) nor any authentication data enabling cardholder identification or a purchase to be made.

However, the firm admits that approximately 105,000 non-EU payment card details were not protected with chip and pin protection – potentially putting those consumers at greater risk of fraud.

Even if consumers’ credit card details are not at risk of being exploited, there are still dangers associated with the security breach.

For instance, Dixons Carphone has admitted that hackers also gained access to 1.2 million personal records containing non-financial information (such as names, addresses, and email addresses).

Past incidents have proven that criminals can be quick to exploit such information in follow-up attacks, perhaps pretending to be communications from the hacked company in an attempt to trick customers into handing over even more personal details that can then be used for the purposes of identity theft.

It’s easy to imagine, for instance, that customers may have found themselves on the receiving end of malicious spam or phishing attacks in the wake of the hack.

If all of this sounds somewhat familiar then you’re not wrong.

Three years ago, in 2015, Carphone Warehouse (which was then a separate company) warned that approximately three million customers had been put at risk after its IT systems had been breached by hackers.

That incident cost Carphone Warehouse £400,000 in the form of a fine from the Information Commissioner’s Office (ICO).

In the ICO’s report on that incident, Carphone Warehouse was criticised for its “multiple inadequacies” when it came to security and its failure to take adequate steps to protect customers’ personal information.

Little has been made public at present at precisely what the security failings were which allowed the hackers to gain access to the sensitive information in this latest breach.

But questions will now no doubt be asked as to whether the merged companies learned enough from the earlier hack and were taking appropriate steps to ensure that data security would be maintained.

Dixons Carphone Chief Executive, Alex Baldock, says the company is “extremely disappointed and sorry for any upset [the hack] may cause,” and shares in the company have dropped 3% today.

please don't do write hand

Explanation / Answer

Introduction:

As we depart to the 21st century, a popular quote says “Data is the new oil”. By this quote, the importance of data can be valued by the world’s super powers. Data plays a major role in development of economy and growth of a Nation at large.

The data referred here is the collection of information through various channels.

How data is collected?

The medium of collection of data may be direct or indirect involved. Direct collection of data involved the collection of information of user when a user fills in a form or gives personal details such as name, contact information occupation etc. Indirect collect of data involves the collection of data through the third party applications which offers services and inturn gather user data with or without the knowledge of user. Indirect collection of data includes user location capturing, right to access user contact list, their device information, identifying type of network , identifying type of device being used etc.

Why data must be secured?

Since the data comprises of confidential information of a user, their privacy must be respected and efforts must be made to preserve their data safe and secure without disclosing it to public domain. Exposing the individual information on a public platform will lead to the access to bank accounts and unlawful transactions/withdrawals, manipulation of accounts and public image of user etc. But, in the long run the economy of that country will be hit hardly as the existing business try to shift their base from the country and new corporate offices try to avoid the country due to weak policy implementation with regards to user data security.

Case 1: Facebook and online chat messaging app merging: Impact on user data.

As a part of example, let’s consider the recent times i.e., merging of two giant social media platforms Facebook and messaging app found by Jan koum . Facebook has different privacy when it comes to access of user data by third party applications. JanJkoum's messaging app has its own strict policies and guidelines pertaining to user data protection.

After meeting of these two companies , there was a confusion among the executive level as what should be the common policies for both companies must be set up. The online messaging app has a strict policy of end to end encryption of data and any violation of the agreement with be dealt with legal proceedings. However, the Facebook is notorious for sharing it’s data. A recent example in the news where Cambridge Analytica was accused of collection of user data for campaigning in the elections and make an impact which was criticized by all. Later Cambridge Analytica files for bankruptcy.

Conclusion:

In this fast growing technological world, where each business entity wants to remain at the top giving a tough competition to its competitors, it may be done at the behest of user data. Hence, it is necessary to frame strict policies and guidelines and follow them accordingly.

Also, the user must play their part safely. The use must not give all personal data provided it is necessary and mandatory. The users must be made aware of the security implications from time to time through training, teaching and other available modes.

Related Questions

Navigate

• Browse (All)
• Browse T
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.