South African Insurance firm Liberty have suffered a major data breach with the potential to put client and customer data at risk. There is little information as to how the breach occurred but allegedly is due to a strain of ransomware which allowed hackers to extract data from systems. Following this the perpetrators have attempted to extort ‘compensation’ from the organisation and threatened to leak the data.
On Saturday 16th June, Liberty began contacting customers to inform them of the breach stating:
“Liberty regrets to inform you that it has been subjected to unauthorised access to its IT infrastructure, by an external party who requested compensation for it… we have taken immediate steps to secure our computer systems and are investigating the incident”
Some sources are claiming that the breach came via an email server and that data was extracted from this but with the alleged dataset stolen, said to be 40 terabytes, it would appear that core systems may have also been accessed.
Following the news of the breach, the Liberty Group’s share price dropped 4% in value. Clients are likely to be worried about how the breach occurred and may lose confidence in the organisation. In addition, the organisation will need to establish how the breach occurred, establish the full extent of it and be ready to share this information with regulators. The likely end result will be a fine. The company has stated that they refused to pay the ransom although CEO David Munro stated he was unable to confirm the amount ask for.
“It’s fair to say an event like this is not something one can prepare for specifically. We prepare for them generally, but when an event like this takes place, it’s out of the blue. This occurred on Thursday evening. It took a couple of days before deciding we should inform customers and ensure that we can safely move into the public domain, as it is a complex matter… We back up our data. The challenge every enterprise has globally is the confrontation from cybercriminals attacking on a regular basis.”
The Liberty breach is just one of many cyber-attacks and ransomware attacks that have affected organisations in recent years. Most recently South African firm ‘ViewFines’ came under scrutiny when data of nearly 1 million citizens leaked including addresses and National Identification numbers.
Last year credit agency Equifax suffered one of the largest data breaches in history when they lost records pertaining to over 140 million people. This was mainly in the United States but also included data subjects in Europe, the UK and Canada.
Consequences of a data breach
In Europe, the GDPR is brand new legislation on how organisations and individuals should deal with data protection. Under the regulation organisations who do not comply and suffer a data breach are liable of fines up to £17,000,000 or 4% of global turnover. In South Africa, the Protection of Personal Information Act (POPI) is being passed and will be the overriding law.
Fines are not the only reason for organisations to be concerned with a potential data breach. Increasingly, customers count on an organisations reputation before making buying decisions and companies with bad reputations for data security are at risk.
Best practice for avoiding data breaches
Processes and procedures
Cyber-security processes and procedures are vital in ensuring that a breach does not occur. This must include how long data is kept for and the security around how data is stored.
Sensitive data and data relating to data subjects is what will be targeted by hackers and cyber-criminals. By limiting access to this data, organisations can help to limit the effects that phishing scams may have for those looking to access information with legitimate, but stolen, passwords.
Password attacks are still one of the most commons ways that systems are accessed by unauthorised parties. Botnet attacks in particular regularly make use of accessing systems often using default administrator passwords. It is vital to ensure all passwords have been updated and are secure.
Ransomware and other types of cyber-attack often compromise data, deleting it or making it inaccessible. Having a secure off-site copy of all data as a backup will ensure an organisation can recover from an attack and help to prevent data loss.
Do not pay a ransom
Paying a ransom is one way to get data back, however, it is not recommended. Not only is there no real guarantee that data will be returned correctly but cyber-criminals may strike again knowing that an organisation is vulnerable.
To find out more about how to protect against the threats of cyber-crime, download the latest whitepaper here.