31 Aug, 2020
A data breach is a security incident in which sensitive information is accessed by someone who does not have permission to do so. With the increased usage and development of technology, issues like these have become more common than ever. This may be because of out-of-date software, targeted attacks or even weak passwords. Data breaches can damage a business, and some businesses may take years to recover.
Examples of Data Breaches
There are many examples of data breaches, such as employee error, social engineering, cyber-attacks, unauthorised access, ransomware, malicious insiders and physical theft. Employee error is one reason someone may be able to steal your data. Incidents caused by staff include databases that are not password protected and updates that fix vulnerabilities not being installed, both of which can lead to sensitive information being leaked. An example of this is sending mass emails without taking care to put the recipients in the correct Cc or Bcc field. Unfortunately, the mistakes of employees can be costly.
Data Breach can affect millions of people
Marriott recently disclosed a new data breach that affected 5.2 million hotel guests who used the company’s loyalty app. They discovered that the hacker used the login credentials of two employees to gain access to data such as each customer’s contact details, loyalty account information and room preferences. We can regard this as a data breach resulting from employee error. Unfortunately, they believe the hacker gained access to information such as account passwords or payment card details. Marriott has launched a web portal for app users to check if they are one of the millions affected.
Cyber-attacks are when hackers attempt to target organisations by destroying their computer network or system. Cyber-attacks can occur using many methods. One example is the brute force password hack. The attacker’s aim is to submit many passwords, working through all the possible combinations until one is guessed correctly. This is trial and error used to achieve what they want. It is called ‘brute force’ because the attacker uses excessive, forceful attempts to gain entry into private accounts. Another method of cyber-attack is malware. Malware is malicious software used to collect sensitive information. It may also cause your computer to slow down, send spam emails to your contacts or even delete and modify existing files.
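Because a brute force attack depends on many failed guesses in a short time, it shows up clearly in login records. The Python example below is an added illustration, not part of the original article: it flags an account that collects a burst of failed logins and raises a second alert if a successful login follows the burst. The log format, the five-minute window and the threshold of four failures are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, account, source IP, result.
SAMPLE_LOG = """\
2020-08-31T09:00:00 bob 203.0.113.5 FAIL
2020-08-31T09:00:20 bob 203.0.113.5 OK
2020-08-31T09:01:00 alice 198.51.100.7 FAIL
2020-08-31T09:01:02 alice 198.51.100.7 FAIL
2020-08-31T09:01:04 alice 198.51.100.7 FAIL
2020-08-31T09:01:06 alice 198.51.100.7 FAIL
2020-08-31T09:01:08 alice 198.51.100.7 FAIL
2020-08-31T09:01:10 alice 198.51.100.7 OK
2020-08-31T09:10:00 carol 192.0.2.9 FAIL
2020-08-31T09:20:00 carol 192.0.2.9 FAIL
2020-08-31T09:30:00 carol 192.0.2.9 FAIL
2020-08-31T09:40:00 carol 192.0.2.9 FAIL
"""

WINDOW = timedelta(minutes=5)  # assumed look-back window
THRESHOLD = 4                  # assumed failed logins per account per window

def detect_brute_force(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return (account, alert_kind, timestamp) tuples for suspicious login bursts."""
    recent = defaultdict(deque)  # account -> timestamps of recent failures
    alerted, alerts = set(), []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts_raw, account, _ip, result = parts
        ts = datetime.fromisoformat(ts_raw)
        failures = recent[account]
        while failures and ts - failures[0] > window:
            failures.popleft()  # drop failures that fell out of the window
        if not failures:
            alerted.discard(account)  # burst ended, allow a fresh alert later
        if result == "FAIL":
            failures.append(ts)
            if len(failures) >= threshold and account not in alerted:
                alerted.add(account)
                alerts.append((account, "brute_force_suspected", ts_raw))
        elif result == "OK":
            if len(failures) >= threshold:
                # A success right after a burst suggests the guess worked.
                alerts.append((account, "success_after_burst", ts_raw))
            failures.clear()
            alerted.discard(account)
    return alerts
```

In the sample, only alice is flagged: bob’s single mistyped password and carol’s failures spread over half an hour stay below the threshold within the window.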
Data Breach can be really expensive
One of the biggest data breaches of 2020 is the case at EasyJet. On May 19th, 2020, it was revealed to the public that the company had suffered a cyber-attack. Information belonging to nine million people and 2,200 credit card records were exposed in this incident. The leaked personal data includes email addresses, full names and travel data. Because of the situation, they may face a liability of £18 billion, or £2000 for every customer that was impacted.
Estée Lauder also suffered a data breach earlier this year. The result was a leak of 440 million records. Although they don’t believe there was a direct risk to customers, they do think it may allow the cybercriminals to gain access to more files further down the line, creating a new path for malware.
Make sure the source is legitimate
Social engineering is an attack in which the criminals pretend to be a legitimate person or organisation. This misleads a user into giving away important, sensitive information or even into giving the criminals access to a space they are not authorised to enter. The most common form of social engineering used by attackers is phishing, where victims are tricked into handing over information or are led to download malware that might ruin the organisation’s network. Phishing can happen through emails that carry malicious attachments or links to malicious websites. The emails are sent out, supposedly, from ‘legitimate’ organisations with a fake sense of urgency. This has also begun to be an issue within social media, with links to malicious content appearing in users’ direct messages from criminals.
Mistakes are easy to make
Virgin Media admitted that a database with the personal details of 900,000 people was left accessible online for 10 months. Although they claim the breach wasn’t because of a criminal attack but was due to a staff member not following careful instructions, it still left an open space for potential phishing attempts.
Your system must be secured
Information may be stolen through many methods, such as social engineering. However, unauthorised access can be gained by employees as well as by an unknown visitor. This may happen if they’re left in an office alone and decide to search for sensitive information. Unauthorised access may occur due to poor implementation of appropriate security, which allows even an organisation’s own employees to be the reason for such incidents.
Ransomware: the most common threat
Ransomware is said to be one of the fastest growing cyber security threats, with billions of different forms. This type of malware allows attackers to blackmail the organisation into paying sizeable sums of money for the decryption key to the files that have been encrypted. Often, it leaves the affected organisations with no choice but to give in to the demands. Ransomware is mainly spread through phishing emails, with most of them aiming to encrypt files or even lock computers. Taking part in routine checks to back up data is a great way to avoid ransomware from taking place. Acting fast may also help avoid serious damage from being done.
The threat can be inside your organization
The malicious insider is another example of a data breach caused by employees, which highlights that those who work for you may be the reason your organisation is vulnerable. Not only may they help external criminals to gain unauthorised access, but they could be the criminals themselves. Someone may become a malicious insider for financial gain, or for revenge because they don’t think they’re being treated well in the workplace or because they’ve lost their job.
Organisations and companies should also be aware of physical theft. Records of sensitive information in an office may be stolen, along with devices that hold important data. Not carefully disposing of paper records, being careless with electronic devices, or a potential thief realising you’re throwing things away may be the reason this occurs, leading the information into the wrong hands.
Data Breach will lead to a financial loss
Hackers tend to use the data themselves. Once they’ve combed for valuable information, such as financial details, login information and phone numbers, their aim is to monetise it. The attackers may use the information they’ve stolen to purchase items online, apply for credit cards, pay off their debts or take money from your bank account. However, they could also sell your data or even hold it to ransom.
The consequences of a data breach can be detrimental. Not only is a financial loss incurred, but companies can face reputational damage, loss of sensitive data and a disruption in business operations. The financial impact a data breach can have is the most damaging one. Organisations would need to compensate the members affected, face a penalty for not following the GDPR and require an enormous investment in incorporating additional security measures. Reputational damage leads to customers refusing to do business with the organisations that have been breached, as people value their data and want to be reassured it will not be stolen or compromised. Operational damage causes disruption in the operations of a business. Investigations always need to be conducted to find out exactly what the hackers have stolen, which could take days, weeks or months, and for some the breach may be so severe that they need to completely shut the business down.
Protecting yourself from data breaches is imperative. There are numerous ways to do so. A few examples include installing great security for your network, avoiding mistakenly downloading malicious installs, using strong passwords and keeping your software up to date.