TV Licencing suffers Data Breach; urges Thousands of Customers to Check Bank Statements

It has been reported that tens of thousands of consumers who have entered their details on the TV Licencing website are being urged to check their bank statements for suspicious transactions following a data alert.

TV Licencing has stated that from 29 August until the afternoon of 5 September 2018, some transactions carried out on the website were "not as secure as they should have been". It is emailing 40,000 people who entered bank account and sort code details telling them to check their bank accounts for suspicious transactions and to make sure direct debits haven’t been amended.

Information, including names, addresses, and emails is also at risk because they were not encrypted when they were transmitted from customers' computers to TV Licencing.

Ryan Wilk, VP at NuData Security, a Mastercard company, said “Data in the wrong hands – especially payment card information – can have a huge impact on customers, far beyond the unauthorised use of their cards. Payment card information, combined with other user data from other breaches and social media, builds a complete profile.

"In the hands of fraudsters and criminal organisations, these valuable identity sets are usually sold to other cybercriminals and used for myriad criminal activities, both on the Internet and in the physical world. Using these real identities, and sometimes fake identities with valid credentials, they’ll take over accounts, apply for loans, and much more. Every hack has a snowball effect that far outlasts the initial breach.

"All customer information is valuable to fraudsters. Name, physical and email addresses, passwords, the content of emails – everything that can be used to compile an identity will be used. We must change the current equation of "breach = fraud" by changing how we think about online identity verification. We need to protect all customer data, but more importantly, we need to make it valueless.

"Multi-layered technology that thwarts fraud exists right now. Passive biometrics technology is making stolen data valueless by verifying users based on their inherent behaviour, instead of relying on their data. This makes it impossible for bad actors to access illegitimate accounts, as they can't replicate the customer’s inherent behaviour.

"Analysing customer behaviour with passive biometrics is completely invisible to users. It has the added benefit of providing valid users with a great experience without the extra friction that often comes with other customer identification techniques. When fraudsters try to use stolen customer data or login credentials, they will find the data is useless.

"The balance of power will return to customer protection when more companies implement such techniques and technology.”