1 In A Million - Are You Part Of The Latest African Data Breach?

Posted in Cyber-Security, Product ● 5 Jun 2018

The last 12 months have seen several high-profile data breaches. In Europe, data protection has been under the microscope for 24 months in the run-up to the now-active General Data Protection Regulation (GDPR). In a similar vein, organisations in South Africa are beginning to prepare for the announcement and implementation of the Protection Of Personal Information Act (POPI).

The latest breach making headlines in South Africa is the news that just under a million personal records have been leaked online. The effects of this breach could see fraud on the rise, and for the organisation at fault, customer confidence is certain to be low. Security Analyst and Consultant Troy Hunt, founder of haveibeenpwned, was able to identify the breach, which was communicated to technology news publication iAfrikan.

The leak of approximately 934,000 personal records contained highly sensitive information including:

  • National Identification numbers
  • Email addresses
  • Full name
  • Plain text passwords

The data was later revealed to have leaked from an unsecured web server belonging to traffic fine organisation, ‘ViewFines’.

Global breach landscape

Global data breaches have been on the rise and it is not uncommon to read stories of organisations who have lost data to a breach. In South Africa, breaches have also been on the rise and in 2017 the country saw its largest-ever data breach when the firm Dracore Data Sciences leaked a huge 75 million records from a database. This breach was also related to an unsecured web server and was said to have contained the personal records of 60 million South African citizens.

Uber-hack

For a breach with global effect, you must look no further than taxi giant, Uber. With both drivers and customers across the globe, Uber holds an enormous amount of sensitive information. In 2017, the firm admitted that a year prior it had suffered a hack, in which 2 unnamed individuals had managed to access the records of over 55 million users (drivers and customers alike).

The breach was said not to have affected ‘core’ systems but rather data being held in a GitHub repository.

Equifax breach

Equifax is one of the largest credit agencies in the world. When they suffered a catastrophic breach, it was quickly known that over 100 million people were likely at risk of having had their data stolen. Victims were largely in the United States; however, customers from Canada, the UK and other European countries were also affected.

The Equifax breach is thought to be one of the largest of all time. The estimated number of records now stolen is more than 145 million.

Consequences of a data breach

Data breaches are serious matters and, depending on the type of breach and the types of data lost, can have terrible consequences. While accidentally deleting large amounts of data is a serious breach and could have huge effects internally for an organisation, it is less likely to affect the person to whom the data relates. If, however, hackers gain access to personal records such as address details and a person’s credit card number, it’s clear to see this could be used for fraudulent activity.

Data breaches are newsworthy items, and people have a greater understanding of data security and what a breach could mean to them. Organisations that regularly suffer breaches often have to deal with the effects this can have on their reputation. Would you choose to be a customer of an organisation that put your personal data at risk?

A data breach can be costly for many reasons. There will be a cost associated with discovering and investigating the breach, not to mention fixing issues to ensure a breach is not repeated. However, the real costs will come in the forms of fines for non-compliance with data protection laws. Fines are not the only penalties that can be given for non-compliance, but they are some of the most common. Under some data protection laws, individuals can be criminally prosecuted for non-compliance.

Europe’s GDPR can see organisations fined up to €20,000,000 for the most serious data breaches.

Staying protected against data breaches

Best practices for protecting data against loss or breach vary across systems and environments; however, there are some fundamentals that can help any organisation to protect data. The nature of the data being protected will also be a factor in how best to protect it.

Limit access to sensitive information

Limiting and tracking access to sensitive personal information will give greater visibility and control. Internal staff are still one of the most common reasons for a data breach such as stolen data.

Encrypt data

Data encryption is a widely used method of protection and one that is highly effective. By encrypting data, organisations can render it useless even if cyber-criminals do manage to gain access to it.

Don’t use default passwords

Some of the most common cyber-attacks involve a stage in which hackers will attempt to gain passwords or login information to access systems. Unfortunately for unprepared organisations, ‘password’ and ‘admin’ are still commonly used passwords and give hackers easy access to systems and information.

Backup all data

Data loss and accidental deletion can be some of the most serious and costly breaches due to any associated downtime. Ensuring that a full backup of all data is in place will allow organisations to recover data quickly and efficiently and cut downtime.
