It’s fair to say that last year was a big year in terms of data protection. With over three billion records breached, it gave many organisations big problems to contend with, and this year has arguably been worse. This year should act as a wake-up call for all organisations, and if this pattern continues into 2018, breaches like these will be met with eye-watering fines. Here are just some of the most notable data breaches this year so far.
One of the biggest accountancy firms in the world suffered a data breach in September in which confidential emails and the plans of some of its blue-chip clients were compromised. Under GDPR, where fines sit at 4% of global turnover (or 20m euro, whichever is higher), Deloitte, which had a turnover of $38.8 billion in the last financial year, could have faced a fine of over $1.5 billion.
Last month also saw a huge data breach within Equifax, the US credit monitoring agency, which has already seen the personal data of 143 million US customers accessed or stolen in a massive hack in May this year. The stolen data includes names, dates of birth, email addresses and telephone numbers, and although the hack was discovered in July, consumers were only informed in early September, which would breach GDPR.
The much-maligned payday loans company confirmed a breach in April of this year that affected more than a quarter of a million lenders. The breach came only a few months after a hacker stole £2.5 million from customers at Tesco Bank.
In August, the second-hand games, DVDs and hardware retailer had around two million customers’ details compromised. This included names, addresses, email addresses, phone numbers and even encrypted credit card information from as far back as 2009.
One of the biggest telecom companies in America had the details of six million of its customers left online for around nine days. Was this the result of some nefarious hacker? Surprisingly, no: it was a simple misconfiguration on a cloud server that led to the details being exposed online. The flaw was spotted by a security firm, and the server was owned by third-party firm NICE Systems, a vendor for Verizon. This is proof that it is not only phishing, malware and other cyber-attacks that pose a threat; sometimes it can be an issue of sheer forgetfulness.
This article could go on and on and on. The AA, Deep Root Analytics, OneLogin, Chipotle, HipChat, PlayStation etc. have all had data breaches this year, with millions upon millions of personal records compromised. This isn’t a case of just small operations having difficulty with data breaches. These are some of the biggest organisations in the world struggling to protect their consumers’ personal data.
With the arrival of GDPR next year, organisations big and small need to get their house in order. They need to have clear plans and solutions in place for the data they carry, or run the risk of huge fines that could bring down even the biggest organisations.
Is your organisation ready for the arrival of GDPR? Do you think we will see eye-watering fines in 2018 for those companies that suffer a data breach?