I'm sure that most of you out there have heard of the recent attack on M&S, The Co Op, Harrods and other retailers who sell online.  As someone who works in IT, these incidents are both a learning curve, and a source of reinforcement of the values and procedures we put in place.  The M&S one happened because of a lapse in procedure by a third party. It happened like this. A hacker pretending to be a senior manager, phoned asking for a password change.  Red flags should have been waving wildly at this point alone, yet the third party IT company that M&s had outsourced to, when along with all the usual pleas of urgency etc. etc.  This is a very basic error, yet it has cost M&S a reported £300,000,000.  Bad, very bad. Now lets compare this to a recent hacking attempt on 'a UK based financial institution'.  No names mentioned or necessary.  Said institution has a policy that password resets can only happen when the person concerned is...