Retail Technology
| Log in | Subscribe
Subscribe | Log in
Retail Technology
Subscribe

Retailing giant becomes another to blame third-party provider after customer data loss

Retailing giant becomes another to blame third-party provider after customer data loss

 

The Co-operative Group has today apologised after data belonging to 83,000 customers was leaked online.

 

The retail, banking and services group has claimed that a third party provider of technical support for both its life planning and wills and funeral planning divisions was responsible for the breach.

 

A statement from a spokesperson for Co-operative Life Planning said: “As a result of an error at a company which provides technical support services to Co-operative Life Planning, the security of some data was lowered. The data related to funeral planning products held by Co-operative customers.”

 

Customer security notification

 

The statement went on to claim that leaked data is classified as non-sensitive under the Data Protection Act and that a full investigation into how the issue occurred is underway, while the Information Commissioner's Office (ICO) has been notified. “We take our responsibilities to our customers extremely seriously and we have written to all the approximately 83,000 customers affected,” it added.

 

Ross Brewer, vice president and managing director for international markets at log, security information and event management LogRhythm, said that, after a similar situation affected Play.com last week, this Co-operative Group security breach is further proof of the way that third parties can expose organisations to online threats.

 

“If these service providers are going to have access to data, then it is essential they are subject to at least the same level of security as the company procuring their services,” Brewer stated.

 

But he added that even this may not be sufficient. “Too many organisations today do not have the forensic view of the IT estate that is necessary to truly identify where and when data leaks originate. Every IT-related action creates a piece of log data that, when pieced together, provides a fingerprint of activity. However, with IT systems generating millions of logs daily, this is no easy task. Only by automating and centralising the collection and analysis of all logs can breaches be detected and dealt with – something many organisations are failing to do,” he said.