TV Licensing ‘security glitch’ exposed some customers’ bank account details
TV LICENSING has played down a “security glitch” that exposed some customers’ bank account details.
The outfit, which is responsible for nagging TV-watchers to pay the BBC license fee, has notified customers who accessed its website between 29 August and 5 September that their personal details may have been pinched.
The issue appears to have first been brought to light by infosec blogger Mark Cook – who estimates that 130,000 could be affected by the breach – after he spotted that Chrome was flagging the TV Licensing website as insecure.
— 🅼🅰🆁🅺 🅲🅾🅾🅺 ≠ Mark Cook (@thetafferboy) September 3, 2018
He notes that while TV Licensing has a secure, HTTPS version of its website, Google was listing the not-so-secure HTTP version at the time of the breach.
TV Licensing, which has since made the switch to HTTPS, claims that it isn’t aware of anyone’s data actually having been accessed, and it insists there is a “very small” risk of the information having been accessed. However, it goes on to warn that information including names, addresses, and bank details including sort codes and account numbers may have been grabbed during the seven-day period.
And to make matters worse, it notes that, in some cases, this information was not encrypted.
“This issue did not affect debit and credit card details but it may have affected customers’ personal details such as name, address and email or, if customers entered bank details, the sort code and account number.
“In some cases, this information was not encrypted when it was transmitted from the customer’s computer.
“There is no evidence of the website being subject to any sort of attack, or anyone having acted maliciously and the chances of anyone having accessed this information are very small,” it adds.
The company is advising customers to check their bank accounts to ensure there are no transactions that haven’t been authorised and that direct debits haven’t been amended.
“If you detect any suspicious activity on your account, you should contact your bank or building society urgently,” it added.
Source : Inquirer