IT contractors should be checked to avoid theft of credit card details, says Eversheds

Paula Barrett, data privacy expert at Eversheds, has commented on the theft of almost half of all South Korea’s credit card details.

Referring to the recent Target breach, she said that reports of another large-scale security breach involving credit card data in South Korea can only add to mounting concerns about data security standards.

Barrett said: ‘In this instance, the threat seems to have come “from within”. It seems an errant contractor took advantage of their position. The ability of this contractor to copy this volume of financial data begs a lot of questions.

‘But, while the sheer scale of the breach has brought attention to this matter, the degree of access that IT contractors and staff have is all too often overlooked within many other businesses. In the UK, the Information Commissioner’s Office warned over the Christmas period of the need to be vigilant in relation to the use of temporary workers/contractors.’

She added that often the checks, controls and training that might be undertaken for full-time equivalents are not undertaken for contractors, even though the performance of their roles will often give them direct access to personal or confidential data.

Barrett continued: ‘Even if this is not payment card data, this vulnerability in the protection of personal data or confidential information should be addressed within data security and data protection compliance programmes. As in South Korea, in the UK that weakness could lead to investigation by local regulators, significant fines and damages claims.’