M&S security scare: the lesson of the ATM

One broken link on its website, and suddenly the casual surfer is handed encrypted passwords, log-in information and credit card dummies.

Granted M&S's error is far less dramatic than either Barclays' or Powergen's lapses, but that does not mean it should be brushed off as 'just one of those things'.

Unlike other recent online security lapses, at least the M&S information was encrypted. Having said that, even in that form, two top security experts told silicon.com that it would give any cracker a real 'foot in the door' should they be dead set on stealing credit card numbers or other sensitive consumer data.

Why are these cases becoming commonplace? It appears to be an attitude of mind within the offending companies. Getting online seems to be being treated as a matter of urgency and 'let's not worry too much about the detail while we're doing it'.

This has got to stop. When you walk down a street and put your cash card into an ATM, you don't expect to accidentally stumble across everyone else's account details. And you don't.

That should be the case online as well. Too many of these high street giants seem to be under the impression that being 'late to market' is the real crime, and that's leading them into the corner cutting mire, where getting their sites live a couple of months sooner is worth the risk of a security scare.

It's time these high-street firms got their act together. They all need to stop panicking about being late, and spend time building proper, robust systems that have virtually no chance of leaving vital information on display.

After all, it's not just their own credibility that's going down the drain - it's the credibility of every dot-com in the land.

silicon.com is currently running a campaign to give the Data Protection Commission (DPC) the resources it needs to make online vendors take data security seriously. If you want to register your support, please email backtheact@silicon.com.