In our latest round-up from the cyber security industry, Digital Health reports on news that a hacking team behind the breach on the National Lottery website have been jailed, and claims that the Ticketmaster data breach could be part of a much wider hacking campaign.

National Lottery hackers gamble with jail time

Two wannabe hackers have been jailed for their role in the cyber-attack on the National Lottery website in 2016.

Twenty-one-year-old Idris Akinwunmi and 28-year-old Daniel Thompson were jailed for four months and eight months respectively for the attack, which resulted in the usernames and passwords of some 26,500 customers being compromised.

Akinwunmi transferred just £13 into his account during the attack, whereas Thompson spent around £3 playing a game on the National Lottery website, the BBC reports.

Otherwise, the pair made no financial gain from the offence, which took place in November 2016.

Thompson pled guilty to three offences relating to cyber-crime, while Akinwunmi admitted a hacking offence and fraudulently wiring money to his account.

The pair are reported to be just two participants in a group of “thousands” that corroborated in the attack.

Whitbread data breach could Costa employees their privacy

Whitbread, the multi-billion-dollar parent company of hospitality chains Costa, Premier Inn and Beefeater, has found itself on the receiving end of a data breach after a hack on its recruitment platform provider.

Prospective employees who have applied for jobs at Whitbread chains in recent months have been warned that their data may have been accessed by cyber-crooks after PageUp, an Australian software provider, revealed that it had been hacked.

According to Info Security, Whitbread sent an email to those who may have been affected warning that they were at risk from falling victim to identity theft.

Information thought to have been compromised includes names, email and home addresses, telephone numbers, sex, dates of birth and employment details.

It is unclear how many users have been affected by the breach.

Whitbread said that it was “very sorry that this has happened”.

Thales and Device Authority focus talents on IoMT

Thales and Device Authority have launched an authentication system for internet-connected medical devices to help keep medical data secure.

The system, jointly-developed by equipment maker Thales and M2M security firm Device Authority, provides a system for issuing and managing device credentials when a new device is added to healthcare networks.

Using Device Authority’s KeyScaler platform, the system offers a security token that the device can use to validate itself on IoT platforms, by providing a unique key and certificate.

The solution is currently being piloted with medical devices.

Darron Antill, chief executive of Device Authority, said: “IoT is transforming the healthcare industry and the way healthcare is provided.

“There must be no question at any point over the integrity of the data or the medical device.

“This solution will bring a new level of assurance to both healthcare professionals and patients that the technology being implemented is secured and all data transferred is safe from compromise.”

TicketMaster breach ‘tip of iceberg’

A cyber-attack affecting tens of thousands of Ticketmaster customers could be just “the tip of the iceberg”, it has emerged.

It has been claimed by US risk analysis firm RiskIQ that the attack on the ticket seller in June, which led to users’ personal information and credit card details being stolen, is part of a much wider hacking campaign by the Magecart hacking group.

The firm has suggested that Magecart may have as many as 800 e-commerce websites in its crosshairs.

In a report written by RiskIQ security researchers Yonathan Klijnsma and Jordan Herman, the pair warned that “the Magecart problem extends to e-commerce sites well beyond Ticketmaster, and we believe it’s cause for far greater concern.”

They went on to suggest that “publicly reported breaches” were “wrongly interpreted”, and that many incidents may in fact be “all part of the operation of Magecart, a single group that many reports fail to identify, which is spreading faster and wider than ever before.”

Blighty more committed to pen testing than Land of the Free

Finally, a survey has suggested that UK companies are more proactive in ensuring their companies are prepared for cyber-attacks than their American counterparts.

A survey conducted by Outpost24 revealed that over half (56%) of UK firms have enlisted the services of third parties to carry out penetration tests on their networks, compared to just 17% of US organisations.

The results also suggested that US firms were more prone to turn a blind eye to vulnerabilities: 42% of US organisations admitted they had ignored a critical security flaw “because they didn’t have the time or skills to rectify it,” compared to 19% of UK organisations.

Just under a quarter (24%) of all those surveyed said they either didn’t, or were not sure if, their organisation ran security testing.

The research was carried out during the Infosecurity Europe conference in London on 5-7 June, and at the RSA Conference in San Francisco, held 4-8 March.

It’s worth noting the relatively small sample size of the survey however, with software firm Outpost24 quizzing 269 UK professionals and 155 from the US.