To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://www.silicon.com/retailandleisure/0,3800011842,39244963,00.htm

Cotton Traders' site hacked: Thousands of details stolen
Customer credit cards breached

By Nick Heath

Published: Wednesday 11 June 2008

Thousands of credit card details have been stolen after high street retailer Cotton Traders' website was hacked.

Hackers breached the company website in January and stole encrypted customer details.

It was initially reported that 38,000 card details were stolen. Cotton Traders claim the number is "substantially less" but refuse to confirm the actual number.

Security from A to Z

Click on the links below to find out more...

A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day

Cotton Traders warned that other major retailers would be vulnerable to the same attack saying its website has always met "leading security standards".

The company claims it notified its customers within days of it happening, flagged up the breach with banks immediately and closed the hole within hours of the attack.

Customers who have become a victim of fraud following the attack are being asked to contact their credit card provider.

Security groups say the attack highlights the need for laws governing companies' response to breaches, as called for by silicon.com's Full Disclosure campaign.

John Turner, European VP at security company Symantec, said in a statement: "The loss of personal data can have a huge negative impact on an organisation's reputation. Data breach notification legislation would be an important step to increase levels of data security and ensure that organisations are aware of their requirements and obligations to disclose to customers when personal data has been lost or stolen."

A spokeswoman for Cotton Traders said: "Cotton Traders have recently upgraded all security on their website which has been validated by leading industry experts."

She claimed it was only credit card numbers that were stolen.