With the growing use of digital technology and more data being stored in the cloud, companies are spending more and more on security to prevent hackers from getting into their accounts.
What is a Data Breach?
A data breach is a compromise of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to protected data – essentially anything that affects its confidentiality, integrity or availability.
Since the GDPR (General Data Protection Regulation) came into force in May 2018, all organisations are legally required to report certain types of personal data breach to the ICO (Information Commissioner’s Office) within 72 hours of becoming aware of the breach.
“43% of businesses have experienced a cyber security breach or attack in the past 12 months”.
Despite the Information Commissioner’s Office (ICO) recently slapping record megafines on British Airways and Marriott for data leakage, it’s actually the UK’s public sector that racked up the biggest volume of breaches in the last eight years.
Here are some of the biggest data breaches recorded over the past few years:
People Affected: 3 Billion
When? December 2014
What Happened? The web service provider suffered a colossal data breach after an employee fell victim to a phishing attack in early 2014.
People Affected: 383 Million
When? November 2018
What Happened? Cyber criminals discovered a vulnerability in one of the hotel’s reservation systems, giving them access to a database containing names, payment card details and contact details of millions of customers.
People Affected: 145.5 Million
When? July 2017
What Happened? Consumer credit company Equifax recorded $87.5 million in expenses and a 27% drop in net income after the personal data of 47.9 million of its users was compromised in what has arguably been the cyber security scandal of the decade.
People Affected: 50 Million
When? September 2018
What Happened? The accounts of nearly 50 million users were exposed by a vulnerability in the social media giant’s “View as” function, allowing attackers to take over accounts and third-party platforms that used Facebook logins.
People Affected: 10.2 Million
When? July 2017
What Happened? Shares in Dixons Carphone plummeted by as much as 6% after approximately 10 million records containing personal data were compromised in what was described as the “biggest online data breach in UK history”.
People Affected: 500,000
When? September 2018
What Happened? Criminal hackers injected malicious code into British Airways’ website, diverting traffic to a fraudulent replica site. Customers then handed their information to the fraudsters, including login details, payment card information, address and travel booking information.
Where a breach has taken place, companies may need to notify individuals and may also face a negative impact on their brand and customer loyalty. Under the General Data Protection Regulation, companies may face fines of up to £20 million or 4% of annual turnover.
It is possible to minimise the risk of data breaches by following a number of best practices:
Up-to-date Security Software
Regular Risk Assessments
Encryption and data backup
Staff training and awareness
Ensure vendors and partners maintain high data protection standards
Third-party Data Security Evaluations