Vision Direct hack puts customers' money at risk
Vision Direct says a hack attack has exposed thousands of its customers' personal data including payment card numbers, expiry dates and CVV codes.
The contact lens retailer said anyone who had entered their details into its site between 3 and 8 November could be affected.
It added that it had identified 16,300 people as being at risk.
It said a fake Google Analytics script placed within its websites' code was the apparent cause.
The company's UK site was involved as well as local versions for Spain, Ireland, the Netherlands, France, Italy and Belgium.
Under investigation
A spokeswoman for Vision Direct told the BBC that 6,600 customers were believed to have had details including financial data compromised, while a further 9,700 people had had personal data but not card details exposed.
"This particular breach is known as Shoplift and was already known to our technology team, who installed a patch provided by our web platform provider to prevent this form of malware," she added.
"Unfortunately, this current incident appears to be a derivative against which the patch proved ineffective. We are continuing to investigate the breach and have made numerous steps to ensure this does not happen again."
One expert said the involvement of card security codes made the breach particularly serious.
"Being able to provide the CVV number usually indicates that you have the card in your hand when making a purchase," commented cyber-security researcher Scott Helme.
"Now the attackers have the full card details including the CVV number, these checks carry less value."
Apology
Vision Direct describes itself as Europe's biggest online seller of contact lenses and eye care products.
A statement on its site says that anyone who updated their details during the stated period, or had an order or update submitted on their behalf by its customer services team, should contact their banks and/or credit card providers.
"The personal information was compromised when it was being entered into the site and includes full name, billing address, email address, password, telephone number and payment card information, including card number, expiry date and CVV," said the alert.
"We understand that this incident will cause concern and inconvenience to our customers. We are contacting all affected customers to apologise."
It added that customers who had used PayPal during the period might have had their names and addresses accessed, but said their payment details should still be safe.
The Vision Direct statement, covering who may be affected and what to do if you think you are at risk, is on their website.
Netwise 20.11.18
Do the police have your biometric digits?
Campaign group Big Brother Watch claims that many people who have been wrongly identified by police facial recognition systems still end up in police databases, despite their innocence.
There are growing concerns that governments and law enforcement agencies are collecting biometric data at the expense of privacy. Det Supt Bernie Galopin, from the Metropolitan Police, says any misidentification tends to be quickly recognised and dealt with by police officers at the scene. "It's technology that's assisting the police here, not the police assisting technology," he said.
"We have not had a single complaint from a member of the public [about misidentification]."
But what happens with the data after the event?
Politician Norman Lamb, who chairs the British government's science and technology select committee, says people can apply to have their image removed from police records. It seems that not many do so.
"There is significant doubt as to whether people are made aware of that right," he says. "The number of those who apply appears to be very low... and a significant portion of those who do apply are informed that their application has been rejected." One issue is that current legislation only covers DNA and fingerprints.
But biometrics commissioner Prof Paul Wiles says we should not expect any swift changes to the law. "Everybody knows that this country at the moment is totally focused on leaving the European Union and until that is finished... I don't think the government seems to have much appetite for anything very much," he explains.
Google Chrome update: What are the new features?
Google Chrome has released a new look in its latest update to celebrate the browser’s birthday.
Google Chrome is celebrating 10 years since it released its first browser.
The major update went live earlier in the day, and has completely refreshed the look of the browser.
Offering more rounded corners, new icons and a fresh colour palette, it aims at making the icons easier to see.
Google wants to make life easier for users who are navigating across lots of tabs.
What are the new Google Chrome features?
- Password generator – A clever new feature allows the browser to make your passwords for you as well as storing them. When you sign up for a website Chrome will suggest a strong password for you to try. Chrome will either generate one for you by pressing the password box, or it can fill in a password you have already saved.
- Search bar boost – The new search bar function will provide search results for common queries without ever clicking enter. The Omnibox can give you all sorts of information, such as weather or how long a specific film is.
- Tab search – This is a clever function for those who have so many tabs open they can’t find the one they were looking for. Simply type the website or page name into the Omnibox bar, and click “Switch to Tab”.
- Easy translation – Google often offers you the chance to translate a page with a pop up box. However, if a box doesn’t appear, you can now right click on the page to translate.
- Aesthetics – It’s not only its functionality that has changed, but also its aesthetics. Google Chrome has gone from its pointy corners to rounded edges to mark the 10 year milestone. The icons, colour scheme and interface have also been updated.
Google said in a blog post: “These updates have a simpler look and will (hopefully) boost your productivity.”
The browser is now prompting users to create more diverse passwords across a range of websites, meaning they no longer use the same one across all platforms. When a website tells a Chrome lover to change their password the app will now offer to generate one and store it for later deployment. Such a move could prevent multiple accounts of a user being compromised if one of their passwords is identified.
The American tech giant declared: "We’ve also significantly improved the way Chrome handles passwords. Staying secure on the web means using strong and unique passwords for every different site.
"When it’s time to create a new password, Chrome will now generate one for you (so you’re not using your puppy’s name for all of your passwords anymore). Chrome will save it, and next time you sign in, it’ll be there, on both your laptop and phone."
Netwise 21.09.18
Cyber Security Advice
The following advice was recently published in the finance section of a national newspaper. It lists 6 important points worthy of highlighting:
- Be vigilant. It is a chore but checking your bank statements regularly is essential. Call the bank if unsure about a transaction. Also use a credit checking agency for a one-off free check to ensure no one is using your personal information to set up loans. Agencies include Experian, Equifax and Callcredit.
- Stay safe with anti-virus software. Although it can be free, consider paying approximately £40 a year for security covering a variety of gadgets. Do not be tempted by “pop-up windows” offering security – these can be a scam. Accept security software updates as they provide ongoing protection.
- Use a strong password for any online accounts. Picture imaging can help for codes but also consider password manager software.
- Do not share personal information. Social media may be fun but it is a great place for fraudsters to obtain your private details – photos, birthdays, holidays – that when pieced together can compromise your financial security.
- Be wary of public wi-fi. Fraudsters can hack into it – often offered in cafes or on trains – to see what you are doing on your laptop or smartphone. Be wary of making payments or accessing bank details when unsure of a connection. Some fraudsters even mimic public wi-fi to get your details.
- Do not trust websites without first checking the suffix. Fraudsters can steal details and money through bogus websites. They may look official but the final letters often give a clue with regards to authentication. Some fraudulent sites have used the ‘co.com’ suffix when the real one is ‘co.uk’. The prefix is worth checking out too. An ‘https’ prefix shows a website that is more secure than one that starts with just ‘http’. The code ‘https’ stands for ‘hypertext transfer protocol secure’.
Alert message sent 12/09/2018 18:02:00
Information sent on behalf of Neighbourhood Watch Scotland
