Alert follows £7,500 fine against hotel booking site for payment card leak.
The Information Commissioner’s Office (ICO) has warned British organisations that they must defend themselves against the common method of hacking known as SQL injection.
The alert comes in the wake of a £7,500 fine against the hotel booking website Worldview Limited for a cyber breach that gave hackers access to the payment card details of more than 3,800 people.
Simon Rice, group manager for technology at the ICO, said: "It may come as a surprise to many in the IT security industry that this type of attack is still allowed to occur.
"SQL injection attacks are preventable, but organisations need to spend the necessary time and effort to make sure their website isn’t vulnerable."
An SQL injection attack works by submitting database query commands through a website form, sometimes alongside ostensibly legitimate data, so that the database behind the site returns information it should not.
In the case of Worldview, the stored data was actually encrypted, but the means of decryption was stored alongside the information, allowing hackers to access full card details and the three-digit security code.
"Organisations must act now to avoid one of the oldest hackers’ tricks in the book. If you don’t have the expertise in-house then find someone who does, otherwise you may be the next organisation on the end of an ICO fine and the reputational damage that results from a serious data breach," Rice added.
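The point that SQL injection is preventable can be shown with a short added example, which is not from the ICO or the original article. It places a lookup that pastes form input into the query text beside a parameterised one; the `bookings` table, its columns and the sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample bookings (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bookings (ref TEXT, guest TEXT, card_last4 TEXT)")
    db.executemany(
        "INSERT INTO bookings VALUES (?, ?, ?)",
        [("BK1001", "A. Guest", "4242"),
         ("BK1002", "B. Guest", "1881"),
         ("BK1003", "C. Guest", "0005")],
    )
    return db

def lookup_vulnerable(db, ref):
    # Vulnerable: form input is pasted into the SQL text, so quote characters
    # in the input change the structure of the query itself.
    sql = "SELECT ref, guest, card_last4 FROM bookings WHERE ref = '" + ref + "'"
    return db.execute(sql).fetchall()

def lookup_parameterised(db, ref):
    # Hardened: the SQL text is fixed and the input is bound as a value,
    # so it can only ever be compared against the ref column.
    sql = "SELECT ref, guest, card_last4 FROM bookings WHERE ref = ?"
    return db.execute(sql, (ref,)).fetchall()

def compare(ref):
    """Return (row count from vulnerable lookup, row count from parameterised lookup)."""
    db = make_db()
    try:
        return len(lookup_vulnerable(db, ref)), len(lookup_parameterised(db, ref))
    finally:
        db.close()

if __name__ == "__main__":
    # Constructed inputs: one ordinary booking reference, one crafted value.
    for label, value in [("ordinary", "BK1002"), ("crafted", "x' OR '1'='1")]:
        print(label, compare(value))
```

With the crafted value the concatenated query returns every booking, while the parameterised query returns none because no booking has that literal reference.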