UK Border Agency officials arrested 20 workers for alleged breaches of visa conditions following overnight raids at the Tesco.com office in Croydon, South London on July 21st. That took a long time before it hit the news.
Apparently foreign students, mostly of Bangladeshi and Indian origin, had been working three-and-a-half times longer than their visas allowed.
At least seven Tesco employees, who have not yet been identified, have since been deported and several others are still under investigation.
While those arrested, believed to be aged over 18, had student visas and the right to work in the UK, they are alleged to have exceeded their 20-hour-a-week working limit by up to a further 50 hours in some cases.
A UK Border Agency spokesperson said: “We received information that some staff members were working in the UK illegally at Tesco.com on Factory Lane, Croydon. In response officers carried out an operation in full cooperation with the company shortly after 3am on Saturday, July 21st 2012. Twenty individuals have been arrested and now face removal from the UK. The operation was part of an ongoing campaign to tackle visa abuse which has seen over 2,000 offenders removed since the beginning of May”.
Meanwhile Tesco website get security advice
The UK’s data privacy watchdog is examining the security of Tesco’s website after a string of Tefals (experts) highlighted concerns.
The ‘Tefal heads’, you have to be of a certain age to know that expression, have criticised the way in which the global supermarket chain stores the passwords of shoppers on Tesco.com.
Troy Hunt, a security expert – sounds more like a Wild West gunfighter – who revealed details of the flaws on his blog, told the BBC he believed the Tesco website was breaking some fundamental data storage rules.
“When a website stores passwords, how they’re protected in the database is important,” he explained. “If that database is breached, the only thing saving someone’s credentials is the way they’re protected in storage. What should have happen is that there should be some form of cryptographic storage – not in plain text.”
Troy pointed out that as Tesco was able to email users their password in plain text, this showed the data was not being stored cryptographically. A more secure method of password recovery is for websites to email users instructions on how to reset their password, rather than revealing the password itself.
Mr Hunt also criticised Tesco for not using HTTPS – Hypertext Transfer Protocol Secure – across its entire site. He said this left users susceptible to phishing attacks or even the interception of data – particularly when using shared wi-fi networks.