Lessons to learn from a year of data breaches
In the year since the HMRC data breach, many more have been made public – here’s a roundup of 11 lessons (we should have) learned.
Or that's what a few organisations learned this year.
An Oxford man bought a computer on eBay for just £35. Quite a bargain, given it held the banking details, credit card numbers and even signatures of a million people. Apparently, the device was sold by an "ex-employee" of digital document company Graphic Data.
Kirklees Council found itself the subject of a potential data breach after a virtual private network (VPN) server a supplier previously used was sold on eBay for just 99p. Not only did the buyer win the Cisco equipment for one heck of a discount, but security codes were still programmed onto the device – when it was hooked up, it reconnected to the council's private servers without any prompting. Whoops.
Another savvy shopper got more than they bargained for via the auction site after successfully bidding on a second-hand camera for just £17. Not only did the buyer win a Nikon digital camera, but also a memory card complete with photos and documents relating to suspected terrorists being investigated by the device's previous owner, MI6. James Bond would be ashamed.
Lesson Nine: Shopping online isn't perfectly safe
No, it's not time to panic. The vast majority of online transactions are carried out without any trouble at all. But when it goes bad, it can be ugly, as mail order clothing retailer Cotton Traders found this summer.
Hackers managed to steal the credit card details of as many as 38,000 customers from the online clothing shop, including enough information to leave people open to 'card not present' fraud.
And although the attack happened in January, customers were not alerted to it until June. How many of them do you think will do their Christmas shopping online this year?
Indeed, a survey by Symantec suggested 93 per cent of people wouldn't hand over the details to a firm which had already had a breach – makes you wonder what the other seven per cent are thinking?
Lesson 10: Data breaches can cost you. A lot.
According to research by the Ponemon Institute, the average cost of a data breach by record is £47.
About half of that cost is from lost business, with the rest from detection, notification, and cleaning up after the fact – such as issuing new account cards or helping victims avoid fraud. Based on the study, the 25 million records lost by HMRC cost some £625 million.
At the time, Quocirca's Bob Tarzey said: "There is no evidence that the HMRC data loss last year cost anything in terms of the data actually being used to exploit tax payers as it is not even clear that the data reached the public domain, however, the cost to HMRC's reputation was immense, if it had been a company this may well have led to a share price drop."