Reply to post: Re: encryption doesn't help?

TalkTalk attack: 'No legal obligation to encrypt customer bank details', says chief

Kubla Cant Silver badge

Re: encryption doesn't help?

The point is really whether the database itself is compromised, or the code that accesses it.

I was staggered to hear that this is apparently a SQL injection attack. FFS, it's 2015, and a major web site that handles personal financial details is vulnerable to an attack vector that was old news in 2005.

I can sort-of see the point about no legal obligation to encrypt. Most of the information they hold is strictly speaking public. Your name and address are on every letter you receive, your card numbers are available to anyone you pay using a cut-out coupon or old-fashioned card machine, your bank details are on every cheque you write.

In the days of paper transactions, none of this really mattered. Nowadays this public information is supposed to be kept secret. It's security by obscurity on a global scale.
