News

1 In A Million - Are You Part Of The Latest African Data Breach?

Tue, 05/06/2018 - 06:54
Redstor_one in a million_blog
Data Management , Data Protection

The last 12-months has seen several high-profile data breaches. In Europe, data protection has been under the microscope for 24-months in the run-up to the now active General Data Protection Regulation (GDPR). Now in a similar vein, in South Africa, organizations are beginning to prepare for the announcement and implementation of the Protection Of Personal Information Act (POPI).

The latest breach making headlines in South Africa is the news that just under a million personal records have been leaked online. The effects of this breach could see fraud on the rise and for the organization at fault, customer confidence is certain to be low. Security Analyst and Consultant, Troy Hunt, founder of haveibeenpwned was able to identify the breach which was communicated to technology news publication iAfrikan.

The leak of approximately 934,000 personal records contained highly sensitive information including:

  • National Identification numbers
  • Email addresses
  • Full name
  • Plain text passwords

The data was later revealed to have leaked from an unsecured web server belonging to traffic fine organization, ‘ViewFines’.

 

Global breach landscape

Global data breaches have been on the rise and it is not uncommon to read stories of organizations who have lost data to a breach. In South Africa, breaches have also been on the rise and in 2017 the country saw its largest-ever data breach when the firm Dracore Data Sciences leaked a huge 75 million records from a database. This breach was also related to an unsecured web server and was said to have contained the personal records of 60 million South African citizens.

Uber-hack

For a breach with global effect, you must look no further than taxi giant, Uber. With both drivers and customers across the globe, Uber holds an enormous amount of sensitive information. In 2017, the firm admitted that a year prior it had suffered a hack, in which 2 unnamed individuals had managed to access the records of over 55 million users (drivers and customers alike).

The breach was said not to have affected ‘core’ systems but rather data being held in a GitHub repository.

Equifax breach

Equifax is one of the largest credit agencies in the world. When they suffered a catastrophic breach, it was quickly known that over 100 million people were likely at risk of having had their data stolen. Victims were largely in the United States, however, customers from Canada the UK and other European countries were also affected.

The Equifax breach is thought to be one of the largest of all time. The estimated number of records now stolen is more than 145 million.

 

Consequences of a data breach

Data breaches are serious matters and dependent on the type of breach and types of data lost can have terrible consequences. While accidentally deleting large amounts of data is a serious breach and could have huge effects internally for an organization, it is less likely to affect a person whom the data relates to. If, however, hackers gain access to personal records such as address details and a person’s credit card number its clear to see this could be used for fraudulent activity.

Data breaches are newsworthy items, people have greater understandings of data security and what a breach could mean to them. Organizations who regularly suffer breaches often have to deal with the effects this can have on their reputation. Would you choose to be a customer of an organisation who put your personal data at risk?

A data breach can be costly for many reasons. There will be a cost associated with discovering and investigating the breach, not to mention fixing issues to ensure a breach is not repeated. However, the real costs will come in the forms of fines for non-compliance with data protection laws. Fines are not the only penalties that can be given for non-compliance, but they are some of the most common. Under some data protection laws, individuals can be criminally prosecuted for non-compliance. 

Europe’s GDPR can see organizations fined up to €20,000,000 for the most serious data breaches.

 

Staying protected against data breaches

Best practices for protecting data against loss or breach vary across systems and environments, however, there are some fundamentals that can help any organization to protect data. The nature of what data is being protected will also be a factor in how best to protect it.

Limit access to sensitive information

Limiting and tracking access to sensitive personal information will give greater visibility and control. Internal staff are still one of the most common reasons for a data breach such as stolen data.

Encrypt data

Data encryption is a widely used method of protection and one that is highly effective. By encrypting data, organizations can render it useless even if cyber-criminals do manage to gain access to it.

Don’t use default passwords

Some of the most common cyber-attacks involve a stage in which hackers will attempt to gain passwords or login information to access systems. Unfortunately for unprepared organizations ‘password’ and ‘admin’ are still commonly used passwords and give hackers easy access to systems and information.

Backup all data

Data loss and accidental deletion can be some of the most serious and costly breaches due to any associated downtime. Ensuring that a full backup of all data is in place will allow for organizations to recover data quickly and efficiently and cut downtime. 

Recent Articles

Redstor-DR_or_reduced_downtime_blog Disaster Recovery

Disaster Recovery or Reduced Downtime?

Disaster recovery (DR) has historically been out of reach to some organizations. The need for expensive equipment or services outweighed the... read more

June 19, 2018
Redstor_UK Data Breaches_blog Data Protection

Data Breaches In The Public Sector

Data breaches are an expensive problem and are about to become even more costly. The introduction of the GDPR will make them more expensive,... read more

June 14, 2018
Redstor-_Why_great_support_is_vital_blog Disaster Recovery

Why Great Support Is Vital To IT Strategy

An organization’s IT strategy must deal with many aspects, from ensuring users have a seamless experience to protecting against the threats of... read more

June 12, 2018