Computer misuse act (1990) case studies

making, supplying or obtaining tools used to commit computer misuse offences

unauthorised access with the intent to commit further crime

unauthorised access

unauthorised modification of data

WHSmith was hit by a cyber attack which has impacted current and former staff members.

The retailer made the public notification via an alert issued to the London Stock Exchange on 2 March, advising investors of a cyber security incident.

It said the attack has resulted in illegal access to some company data, which includes data on current and former employees.

Fashion retailer JD Sports has been hit with a cyber attack that has exposed information on millions of customers.


In a statement confirming the incident, the company revealed that up to 10 million customer accounts may have been compromised in the attack.

An employee falling victim to a malicious phishing email facilitated the attack but customer payment data has not been compromised


UK high street retail store The Works has confirmed a cyber attack on its systems, forcing some stores to close, with sources close to the matter saying systems are hit with ransomware.


The ransomware attack was facilitated by an employee falling victim to a phishing email, according to sources familiar with the situation. The company is working to fully understand the extent of the attack but can confirm that no customer payment data has been compromised.

Marriott

click to edit

marriott

The Starwood group of hotels, which includes Sheraton, W Hotels, Westin, Le Meridien, Four Points by Sheraton, Aloft, and St. Regis, had been compromised sometime in 2014. This was before the Marriott Hotel group acquired it in 2016. It wasn’t until 2018 that Marriot found evidence of a breach through an internal investigation.

This meant for four years, the company had been the victim of a hacking campaign on Starwood’s reservation system. Cyber criminals exploited an unpatched vulnerability to hack the system.

While it was initially thought the hack affected 500 million people, this final number was 383 million. The hackers stole names, addresses, phone numbers, credit card information, email addresses, and unencrypted passport numbers.

The UK’s Information Commissioner’s Office (ICO) fined the Marriott chain £99 million ($135.95 million). The ICO said that Marriott ``failed to undertake sufficient due diligence" during the acquisition and missed the vulnerability as a result.

The scraped data of over 500 million LinkedIn profiles was put up for sale on a popular hacker forum in April 2021. The The hacker had already leaked two million records as proof of the existence of the much larger data treasure trove, according to reports by Cybernews.

The data included LinkedIn IDs, full names, email addresses, phone numbers, genders, links to LinkedIn profiles, and professional titles.

A spokesperson for LinkedIn said the posted data appeared to “include publicly viewable information that was scraped from LinkedIn combined with data aggregated from other websites or companies.”

Unauthorized Modification means a modification or alteration of a Product which the Company neither made, ordered, nor approved or that was not performed in accordance with the Company's policies.

modifying data without permission to do so. This could be done for the purpose of fraud.