In-depth

Lessons to learn from a year of data breaches

In the year since the HMRC data breach, many more have been made public – here’s a roundup of 11 lessons (we should have) learned.

It was the data breach that kicked it all off a year ago this week, the government admitted HM Revenue and Customs had lost two discs containing records on 20 million people.

The tax body had dumped data on a third of the population including children onto a pair of unencrypted discs and sent them off with a courier, not once, but twice.

In the uproar that followed, more and more stories about data breaches in the public and private sector began to be noticed and reported. Indeed, since the mess at HMRC, some 277 such mishaps have been reported to data watchdogs at the Information Commissioner's Office (ICO). Lost USB drives, stolen laptops and even papers left on a train have left millions of people in this country open to identity theft and fraud not to mention, a bit pissed off.

The government responded with amusingly ignorant debates in Parliament and massive reports two were released in one day offering reams of advice on how to avoid another HMRC.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

But it's not exactly rocket science, now is it? In case you haven't been paying attention, we've gathered up the top 10 lessons to be learned from this year of data breaches.

Lesson One: The public wants to know about data breachesIt's no surprise newspapers jumped all over the HMRC incident. Uncovering a massive government error, caused by funding cuts and incompetence, is the stuff of happy dreams for journalists trust us on this one.

The tale of millions of records including banking details going missing because of such complete and utter foolishness didn't sit well with the public at all. And it shouldn't. Everyone affected faces identity theft and fraud because of incidents like this one; phishing attacks based on the HMRC debacle have already occurred, and those didn't even require the discs to fall into the hands of criminals.

So HMRC became a watershed. The odd big data breach was covered by the press before last November, but usually only if the story was connected to a large fine. Now, every lost laptop or misplaced memory stick was cause for a headline and outrage. The public you, me and everyone else had learned that poor data management could hurt them.

Unsurprisingly then, people have started calling for data breach notification laws. Companies are not legally required to tell their customers and citizens when data goes missing, but surveys have suggested the general public want such legislation, even if IT directors aren't so enthusiastic. Lesson Two: People can be sackedIt's something many people have called for over the past year someone to be held responsible for data losses. While the head of HMRC Paul Gray did step down after the breach, it was also for overall organizational concerns, which were certainly highlighted by the breach, but not the only symptom of troubles at the tax body.

But since then, laptops and USBs and discs have disappeared, and no one has been publicly sacked except in one case, involving Colchester Hospital.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/business-strategy/public-sector/354608/uk-gov-launches-ps300000-sen-edtech-initiative
public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020
Visit/hardware/354584/windows-10-and-the-tools-for-agile-working
Sponsored

Windows 10 and the tools for agile working

20 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020