Mayday, mayday, we’ve been hit with a data breach

posted in Disaster Recovery ● 4 May 2017

In recent months, technology giant IBM accidentally sent their own customers malware, the Metropolitan Police Force gave away contact details of gun users in the UK, and mobile operator Three failed to control third-party access to customers’ personal and account details.

All three of these companies should know better when it comes to the risk of a data breach, but it goes to show that all companies are at risk and should be doing more to combat it, especially with GDPR on the horizon.

GDPR is the General Data Protection Regulation; it comes into force in Europe in May 2018 but will have a global effect.

In IBM, we trust

Although IBM were most likely one of the first companies to have ever experienced and learnt from a data breach, it seems not even they can avoid a slip-up every now and then. This week, IBM have made users aware that USB flash drives containing the initialisation tool for some of their Storwize systems “contained a file that has been infected with malicious code”. It is not yet known how many customers may have been affected by this, but IBM had been actively distributing the software, unknowingly putting their own customers at risk.

Policing data breach

While data breach isn’t usually an area the Metropolitan Police Force would be involved in, leaving that up to the ICO, they are now, and for the wrong reasons.

The Data Protection Act in the UK requires that personal data such as your name and home address be handled in a safe and secure way. So, when the police are accused of selling or giving away this information for 30,000 people, it’s clear that something has gone wrong. In addition, the fact that these 30,000 people are legal gun owners gives even more reason for concern.

Three’s a charm

Three are no strangers to data breach, having had data for more than 130,000 of their customers compromised by cyber-criminals less than 6 months ago. So being back in the news for another data breach should be a worry.

This time around, customers were presented with each other’s names, numbers and call history when attempting to log into their accounts. According to a spokesperson, “no financial details were viewable” and they will be “investigating the matter”.

Reducing the risk of data breach

Data breach and data loss are costly to organisations: in monetary terms, fines can be levied by the relevant state information authority (e.g. the ICO in the UK), and there is the further cost of reputational damage. Three are a prime example of an organisation that will have damage done to their reputation due to data loss. When you look for a new phone provider, it is unlikely that you are going to choose the one known for losing customer data and personal details.

These cases all have something in common in that the companies were quick to confirm that the matters would be explored further and that actions would be taken to ensure breaches would not happen again. This being the case, the sources of the initial breaches are unknown to the public.

Data breaches can come from many sources and it would be difficult for any organisation to claim total security against them. However, it has been reported that 25% of breaches involve internal actors compared to 51% involving organised criminal organisations. Of these attacks, over half (51%) included malware, which has been a growing threat in IT for the past 18 months.

The threat from internal users should be less than 1 in 4, and network managers and administrators will have to review internal policies and procedures to lower this, usually starting by limiting who can access data.

Statistics used are from the Verizon Data Breach Investigations Report 2017.
