Payday lending and pawnbroking business Cash Converters International Ltd (ASX:CCV) announced a cybersecurity breach in its UK operations last night. The company reported that it had:
“Received an email threat from a third party claiming to have gained unauthorised access to customer data within a Cash Converters’ United Kingdom website (‘Webshop’). The unidentified third party’s threat included the widespread release of the data unless it receives a financial payment.”
Cash Converters has reported the threat to the authorities in the UK and Australia, and has appointed security advisors to review its systems. Credit card data was not stored on the Webshop although hackers may have accessed user records including personal details, passwords, and purchase history.
From an investment perspective I think there are several key things to watch for now:
- If the site was hacked, are the rest of Cash Converters’ systems equally vulnerable and would they be more likely to be targeted in the wake of this update?
- What is the reputational impact of the breach? Cash Converters states it does not expect a financial impact in the current financial year, but that may change if customers lose trust in the business.
- What is the likelihood of a class action and what would that cost? It is not clear from the announcement, but it does sound as though Cash Converters bears some responsibility.
Sadly, computer system integrity is becoming an increasingly relevant – and often overlooked – concern for investors, with a vast majority of companies relying in one way or another on computer systems.
One possible way to benefit from this theme is via the HACK exchange-traded fund – BETA CYBER ETF UNITS (ASX: HACK) – which owns a mix of global and US-listed cybersecurity companies.
This is shaping up as a growth industry, and I expect that this cybersecurity breach from Cash Converters is not the last we will see from an ASX-listed company.