GlobalData has accused retailers of failing to take sufficient precautions against cyber threats.
Following the news last week of cyber attacks and data breaches at Tesco, Boots and Virgin Media, GlobalData said companies were not being rigorous enough in stopping breaches taking place.
“The threat from a cyberattack is one of the biggest dangers to a company’s business and reputation, but too many companies are not taking the cyber threat seriously enough,” said GlobalData analyst David Bicknell.
“Breach announcements follow a familiar pattern in which a company belatedly puts its hands up, admits its error, and then plays down the seriousness of the breach. Some will then fight tooth and nail to reduce any financial penalty from the Information Commissioner,” he added.
“One of the principles of GDPR regulation is the requirement that organizations process data in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
“It’s nearly two years since GDPR came into force, and you’d have to question whether companies’ approaches to both cybersecurity and data protection have the necessary rigor to stop these breaches occurring on a regular basis,” argued Bicknell.
The comments come after Boots last week barred all loyalty card payments after hackers attempted to access 150,000 customers accounts using stolen passwords.
Boots put the programme on lockdown after spotting “unusual” activity on a number of accounts, hackers attempted to access and spend loyalty points using passwords they had attained from another source.
It assured customers that no credit card information had been accessed and that the “details were not obtained from Boots”.
This follows a nearly identical attack at Tesco earlier this week, in which hackers who had obtained a list of usernames and passwords for another website attempted to access loyalty accounts which may use the same details.
Cyber security experts speaking to the Mirror said there was a chance the attacks had been carried about by the same group, due to the identical methods used in compromising the retailers’ loyalty schemes.