According to data protection and privacy company Tala, sensitive data pertaining to customers of top mobile service providers in the European Union is at risk due to poorly protected websites.
An examination of the websites of 13 of the EU’s largest mobile telecom companies showed that none of them have even the bare minimum of security measures in place to be considered stable.
“Despite having a combined customer base of over 235 million, none of the mobile carriers received a passing grade for website security. “No one of the mobile providers examined comes close to a score of 80+, where 50 is barely a passing grade,” Tala writes in a new survey.
Despite the lack of adequate website security, telcos collect a large amount of confidential data from their customers during online sign-up, including names, emails, addresses, dates of birth, passport numbers, payslips, and in some cases, banking information.
Customers’ personal information is potentially exposed by the forms used to collect data on these mobile operators’ websites, as these link to a wide number of domains, exposing widespread data sharing, “25 percent more than the global Alexa 1000 average for websites,” according to Tala.
“When website owners struggle to protect data as it is entered into their websites, they are essentially hanging it; the only reason it hasn’t been hacked is that criminals haven’t taken it. “Yet,” the firm stresses.
While most data exchange took place via whitelisted, legal applications, the website owner wasn’t always aware of the types of data collected or the scope of the data collection.
“Even whitelisted apps can be used to steal data, posing serious concerns about data protection and, by extension, GDPR. Unfortunately, the review shows that none of the EU telcos examined here are sufficiently aware of the threat,” Tala says.