Mayday, mayday, we’ve been hit with a data breach

posted in Disaster Recovery ● 4 May 2017

In recent months, technology giant IBM accidentally sent their own customers malware, the Metropolitan Police Force gave away contact details of gun users in the UK, and mobile operator Three failed to control third-party access to customers’ personal details and account details.

All three of these companies should know better when it comes to the risk of a data breach, but it goes to show that all companies are at risk of a data breach and should be doing more to combat this risk, especially with GDPR on the horizon.

GDPR is the General Data Protection Regulation, which comes into force in Europe in May 2018 but will have a global effect.

In IBM, we trust

Although IBM were most likely one of the first companies to have ever experienced and learnt from a data breach, it seems not even they can avoid a slip-up every now and then. This week, IBM have made users aware that USB flash drives containing the initialisation tool for some of their Storwize systems “contained a file that has been infected with malicious code”. It is not yet known how many customers may have been affected by this, but IBM had been actively distributing the software, unknowingly putting their own customers at risk.

Policing data breach

While data breach isn’t usually an area the Metropolitan Police Force would be involved in, leaving that up to the ICO, they are now. For the wrong reasons.

The Data Protection Act in the UK ensures that personal data such as your name and home address must be handled in a safe and secure way. So, when the police are accused of selling or giving away this information for 30,000 people, it’s clear that something has gone wrong. In addition, the fact that these 30,000 people are legal gun owners gives even more reason for concern.

Three’s a charm

Three are no strangers to data breaches, having had data for more than 130,000 of their customers compromised by cyber-criminals less than 6 months ago. So being back in the news for another data breach should be a worry.

This time around, customers were presented with each other’s names, numbers and call history when attempting to log into their accounts. According to a spokesperson, “no financial details were viewable” and they will be “investigating the matter”.

Reducing the risk of data breach

Data breach and data loss are costly to organisations: in monetary terms, through fines that can be levied by the relevant state information authority (e.g. the ICO in the UK), and further through reputational damage. Three are a prime example of an organisation that will have damage done to their reputation due to data loss. When you look for a new phone provider, it is unlikely that you are going to choose the one known for losing customer data and personal details.

These cases all have something in common in that the companies were quick to confirm that the matters would be explored further and that actions would be taken to ensure breaches would not happen again. This being the case, the sources of the initial breaches are unknown to the public.

Data breaches can come from many sources, and it would be difficult for any organisation to claim total security against them. However, it has been reported that 25% of breaches involve internal actors, compared to 51% involving organised criminal groups. Of these attacks, over half (51%) included malware, which has been a growing threat in IT for the past 18 months.

The threat from internal users should be less than 1 in 4, and network managers and administrators will have to review internal policies and procedures to lower this, usually starting by limiting who can access data.

Statistics used are from the Verizon Data Breach Investigations Report 2017.
