Hollerings | Digital & IT

Data Protection – The biggest breaches of the 21st century

With an increase in the use of digital and data being stored on the cloud, companies are spending more and more on security to prevent hackers from getting into their accounts.

What is a Data Breach?

 A data breach is a compromise of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to protected data – essentially anything that affects its confidentiality, integrity or availability.

Since the GDPR (General Data Protection Regulation) came into force in May 2018, all organisations are legally required to report certain types of personal data breach to the ICO (Information Commissioner’s Office) within 72 hours of becoming aware of the breach.

“43% of businesses have experienced a cyber security breach or attack in the past 12 months”.

Despite the Information Commissioner’s Office (ICO) recently slapping record megafines on British Airways and Marriott for data leakage, it’s actually the UK’s public sector that racked up the biggest volume of breaches in the last eight years.

Here are some of the biggest data breaches recorded over the past few years:

People Affected: 3 Billion

When? December 2014

What Happened? The web service provider suffered a colossal data breach after an employee fell victim to a phishing attack in early 2014.

People Affected: 383 Million

When? November 2018

What Happened? Cyber criminals discovered a vulnerability in one of the hotel’s reservation systems, giving them access to a database containing names, payment card details and contact details of millions of customers.

People Affected: 145.5 Million

When? July 2017

What Happened? Consumer credit company Equifax recorded $87.5 million in expenses and a 27% drop in net income after the personal data of 47.9 million of its users was compromised in what has arguably been the cyber security scandal of the decade.

People Affected: 50 Million

When? September 2018

What Happened? The accounts of nearly 50 million users were exposed by a vulnerability in the social media giant’s “View as” function, allowing attackers to take over accounts and third-party platforms that used Facebook logins

People Affected: 10.2 Million

When? July 2017

What Happened? Shares in Dixons Carphone plummeted by as much as 6% after approximately 10 million records containing personal data were compromised in what was described as the “biggest online data breach in UK history”.

People Affected: 500,000

When? September 2018

What Happened? Criminal hackers injected malicious code into British Airways’ website, diverting traffic to a fraudulent replica site. Customers were then handing their information to fraudsters including login details, payment card information, address and travel booking information.

Where a breach has taken place, companies may need to notify individuals as well as face negative impact on the company’s brand and customer loyalty. Under the General Data Protection Regulation, companies may face fines of up to £20 million or 4% of annual turnover.

It is possible to minimise the risk of data breaches by following a number of best practices:

  • Up-to-date Security Software
  • Regular Risk Assessments
  • Encryption and data backup
  • Staff training and awareness
  • Ensure vendors and partners maintain high data protection standards
  • Third party Data Security Evaluations

Leave a Reply

Your email address will not be published. Required fields are marked *


Our hollerings monthly roundup delivered directly to your inbox

Our monthly hollerings roundup delivered directly to your inbox