Pried out
Hasn't stopped them hoovering up other companies. I've not found NCC a bad company just very expensive.
NCC Group’s chairman Paul Mitchell said he would be stepping down as he UK cyber security consultancy announced a drop in profits on Thursday. The UK-based firm - which was hit by the cancellation of three large contracts and the deferral of a fourth - posted a dip in pre-tax profits from £7.5m in its previous year to £7.4m …
We used NCC to pentest the 'secure' website of a well-known car company and both the client and their principal were very pleased to get an across-the-board seal of approval from them.
That is until it was explained that we left some deliberate bugs in the system to see if they picked up on them, namely that certain forms were insecurely creating nodes which then meant that not only was some customer information completely exposed (VIN numbers, service history, owner contact information) but that anyone could access this information by a simple url ... /content/VEHICLE_REG.
Congratulations to NCC though. They said that their systems would not have detected internal permissions misconfigurations and promptly offered a sizeable partial refund to the client.