Skipton Building Society has announced a successful deployment on new database security technology for a new mortgage broker application.
The information security of the UK's sixth largest building society came under scrutiny in February this year when the Information Commissioner's Office (ICO) warned it to raise IT security levels after losing an encrypted laptop containing the personal details of 14,000 customers.
At the time, it signed a legal agreement to ensure the security of the personal data it holds in the future, included its encryption and the ability for the ICO to carry out risk assessments.
Now it has taken steps to protect its customer-facing mortgage broker SQL application that contains confidential customer data. Colin McMahon, Skipton technical services infrastructure manager, said it recognised the need for extra security.
"Whilst we have databases based on proprietary technology, the new application used an SQL back-end, which made it far more vulnerable to attack," said McMahon.
"A successful SQL injection attack could have allowed a hacker to make any number of illegitimate requests to the database. We therefore urgently needed a security solution that understood the true intent of all database access requests and one that could identify and block any illegitimate ones."
Skipton, which is also the parent company to 19 subsidiary financial services companies, chose to deploy the Secerno DataWall database activity monitoring and security suite.
It is enabling the company to set and update access rules and policies around the application more easily, continually monitor traffic and analyse the data from activity reports.
"Secerno's technology now adds to the protective perimeter around the database itself, so we are confident that our application data is well protected. We owe this to our customers."
The society now plans to develop a number of new internal business applications that make greater use of SQL databases.
McMahon added that the new system has proved very effective at highlighting security bugs and flaws in the new application. "By flagging these vulnerabilities, it has helped our developers write tighter code and build more secure applications from the outset, which is far more time and cost effective than remedying problems after an application has gone live," he said.
"It's very reassuring to know that we have done everything possible to mitigate the risk of a data security breach, protecting our own reputation and that of our customers."
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
New Zealand privacy commissioner tipped to become next ICO headNews John Edwards is said to be an 'anti-Facebook' regulator who would fit well in the UK's plans to clamp down on big tech
-
What is a freedom of information (FOI) request?In-depth We look at the mechanism citizens can use to hold public bodies to account
-
ICO hints at Facebook hypocrisy over data protection goalsNews Elizabeth Denham asks Facebook to drop appeal after CEO's call for greater internet regulation
-
ICO to investigate Google over GDPR violationsNews UK Watchdog to liaise with other European regulators over 'forced consent' push by the tech giant
-
ICO myth-busts on the flow of data post BrexitNews The Information Commissioner explains how data will move between the UK and EU in a no-deal scenario
-
Leave.EU faces big fine over data law breachesNews Information commissioner reveals Leave.EU was fined a total of £75,000 for “serious breaches”
-
ICO website knocked offline for more than 24 hoursNews The outage was caused by an “unprecedented electrical surge” that damaged its host’s circuits
-
Elizabeth Denham appointed ICO bossNews Denham will be tasked with helping the UK leave the EU without any knock-on effects on privacy
