Lessons to learn from a year of data breaches

In the year since the HMRC data breach, many more have been made public – here’s a roundup of 11 lessons (we should have) learned.

Or that's what a few organisations learned this year.

An Oxford man bought a computer on eBay for just £35. Quite a bargain, given it held the banking details, credit card numbers and even signatures of a million people. Apparently, the device was sold by an "ex-employee" of digital document company Graphic Data.

Kirklees Council found itself the subject of a potential data breach after a virtual private network (VPN) server a supplier previously used was sold on eBay for just 99p. Not only did the buyer win the Cisco equipment for one heck of a discount, but security codes were still programmed onto the device: when it was hooked up, it reconnected to the council's private servers without any prompting. Whoops.

Another savvy shopper got more than they bargained for via the auction site after successfully bidding on a second-hand camera for just £17. Not only did the buyer win a Nikon digital camera, but also a memory card complete with photos and documents relating to suspected terrorists being investigated by the device's previous owner, MI6. James Bond would be ashamed.

Lesson Nine: Shopping online isn't perfectly safe

No, it's not time to panic. The vast majority of online transactions are carried out without any trouble at all. But when it goes bad, it can be ugly, as mail order clothing retailer Cotton Traders found this summer.

Hackers managed to steal the credit card details of as many as 38,000 customers from the online clothing shop, including enough information to leave people open to 'card not present' fraud.

And although the attack happened in January, customers were not alerted to it until June. How many of them do you think will do their Christmas shopping online this year?

Indeed, a survey by Symantec suggested 93 per cent of people wouldn't hand over their details to a firm which had already had a breach, which makes you wonder what the other seven per cent are thinking.

Lesson 10: Data breaches can cost you. A lot.

According to research by the Ponemon Institute, the average cost of a data breach by record is £47.

About half of that cost is from lost business, with the rest from detection, notification, and cleaning up after the fact, such as issuing new account cards or helping victims avoid fraud. Based on the study, the 25 million records lost by HMRC cost some £625 million.

At the time, Quocirca's Bob Tarzey said: "There is no evidence that the HMRC data loss last year cost anything in terms of the data actually being used to exploit tax payers, as it is not even clear that the data reached the public domain. However, the cost to HMRC's reputation was immense; if it had been a company this may well have led to a share price drop."
