DealerBuilt has just been censured by the Federal Trade Commission for failure to encrypt customer data alongside a range of other failings, leading to the hacking of the personal information of almost 70,000 customers in 2016.
James Tew, CEO at iVendi, said: “In this case, the company at fault has only been punished by putting in place a range of future measures surrounding security. It is difficult to see the Information Commissioner in the UK being as lenient.
“It appears, from the FTC’s statement, that there were almost no proper security policies in place at all - no vulnerability scanning, no penetration testing and no other measures that would have detected the problem.”
He said that the damage to the company and its clients was likely to be considerable from a practical and reputational point of view.
“The data lost presumably all belonged to individual dealers and the customers concerned will have had to be informed. The loss of reputation of all the parties involved must have been substantial and this will inevitably have a financial impact.
“Of course, in the UK, that kind of loss of data can also result in a fine of up to 4% of global turnover. That’s an amount that should concentrate minds.”
James said that where data was left vulnerable, the core issue was generally one of cost – good data security was expensive.
“We know this from personal experience. We have undergone a process in recent years designed to meet not just the standards of large dealer groups but multinational financial institutions. It’s exacting and expensive.
“We have a full-time security department and they represent a substantial investment over the last few years. Not only have we recently gained accreditations including ISO27001 and Cyber Essentials but we have also recently appointed our first ‘ethical hacker’.
“All of this, we believe, places us in a market-leading position as far as data security in online motor retail is concerned. Our view is that it is very much worth the effort and the expense but some others in the sector are simply not as committed.”