Data breaches are becoming more common. In 2021 the number of data breaches reported by organisations grew by about 68% over the previous year. In response, regulators, businesses and consumers are demanding stricter policies and greater transparency.
Top Data Breaches from 2017 – 2022

| Year | Company | Impacted |
|------|---------|----------|
| 2022 | MailChimp | 100 clients |
| 2022 | Pegasus | 6.5 terabytes of data |
| 2022 | Harbour Plaza | 1.2 million customers |
| 2022 | Optus | 9.6 million customers |
| 2021 | Pixlr | 1.9 million users |
| 2021 | Bonobos | 12.3 million records |
| 2021 | Sociallarks | 200 million records |
| 2021 | | 700 million users |
| 2020 | CAM 4 | 10.88 billion records |
| 2019 | | 533 million users |
| 2017 | Aadhar | 1.1 billion people |
| 2017 | Yahoo | 3 billion accounts |
Data breach regulations are changing rapidly, especially in Europe, where the General Data Protection Regulation (GDPR) came into effect in May 2018. The scope of this article is limited to personal data breaches, which occur when a third party or an unauthorised user gains access to personal data without permission. These can have serious consequences for the affected individuals as well as for the company that suffers the breach. Handling them involves three activities, covered in turn below: detection, prevention and recovery.
Detection
A data breach can happen in a variety of ways. Many start with an employee's mistake, such as a misconfigured system or an email sent to the wrong recipient, or with deliberate misuse of data by an insider; malicious external attacks are also common. Most often a breach is detected when the company's own security team, or a third party such as a customer, a researcher or law enforcement, notices that data has been accessed or stolen. A company that monitors for anomalies and unusual activity, for example an account reading far more records than it normally does or logging in at unusual hours, can detect a breach much sooner. Many breaches go undiscovered for years, especially where the stolen data cannot easily be traced back to the organisation it was taken from. This is a major risk in healthcare, where a patient's records can be misused without the patient ever knowing.
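The anomaly tracking mentioned above is easier to picture in code. The following is an added example written for this page, not code from the original article or from Ns3TechSolutions: it parses a constructed record-access audit log (the timestamps, user names and record counts are invented for the example) and raises an alert when a user's latest-day volume exceeds a multiple of that user's own daily baseline, or when records are read outside business hours. The 07:00-20:00 UTC window, the three-day baseline and the multiplier are assumed parameters, not values from the article.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
	"time"
)

// AccessEvent is one audit-log entry: who read how many customer records, and when.
type AccessEvent struct {
	When    time.Time
	User    string
	Records int
}

// Alert names the user and the rule that fired.
type Alert struct{ User, Reason string }

// ConstructedLog is sample input invented for this example, not data from any real
// system. Each line is: RFC 3339 timestamp, user, number of records read. Three
// ordinary days are followed by a day on which "bob" pulls thousands of records at 02:15.
const ConstructedLog = `2022-09-12T09:05:00Z alice 12
2022-09-12T14:10:00Z bob 8
2022-09-13T10:20:00Z alice 15
2022-09-13T11:00:00Z bob 10
2022-09-14T09:40:00Z alice 11
2022-09-14T16:30:00Z bob 9
2022-09-15T02:15:00Z bob 4200
2022-09-15T10:00:00Z alice 14`

// ParseLog turns raw text into events, refusing malformed lines rather than
// silently skipping them: a parser that drops lines hides evidence.
func ParseLog(raw string) ([]AccessEvent, error) {
	var events []AccessEvent
	for _, line := range strings.Split(strings.TrimSpace(raw), "\n") {
		f := strings.Fields(line)
		if len(f) != 3 {
			return nil, fmt.Errorf("malformed line %q", line)
		}
		ts, errT := time.Parse(time.RFC3339, f[0])
		n, errN := strconv.Atoi(f[2])
		if errT != nil || errN != nil {
			return nil, fmt.Errorf("malformed line %q", line)
		}
		events = append(events, AccessEvent{When: ts, User: f[1], Records: n})
	}
	return events, nil
}

func day(t time.Time) string { return t.UTC().Format("2006-01-02") }

// DetectAnomalies uses every day except the latest as the baseline and flags
// latest-day activity that happens outside 07:00-20:00 UTC or exceeds `multiplier`
// times the user's own average daily volume. The baseline is per user on purpose:
// a billing clerk's normal day would be an anomaly for someone in HR.
func DetectAnomalies(events []AccessEvent, multiplier float64) []Alert {
	daily := map[string]map[string]int{} // user -> day -> records read
	lastDay := ""
	for _, e := range events {
		d := day(e.When)
		if daily[e.User] == nil {
			daily[e.User] = map[string]int{}
		}
		daily[e.User][d] += e.Records
		if d > lastDay {
			lastDay = d
		}
	}
	var alerts []Alert
	for _, e := range events { // rule 1: access outside business hours on the latest day
		if h := e.When.UTC().Hour(); day(e.When) == lastDay && (h < 7 || h >= 20) {
			alerts = append(alerts, Alert{e.User, fmt.Sprintf("read %d records at %02d:00 UTC, outside business hours", e.Records, h)})
		}
	}
	for user, days := range daily { // rule 2: volume far above the user's own baseline
		today, ok := days[lastDay]
		if !ok {
			continue
		}
		sum, n := 0, 0
		for d, c := range days {
			if d != lastDay {
				sum, n = sum+c, n+1
			}
		}
		if n == 0 {
			continue // no history for this user; a brand-new account needs a separate rule
		}
		if base := float64(sum) / float64(n); float64(today) > multiplier*base {
			alerts = append(alerts, Alert{user, fmt.Sprintf("read %d records today against a daily average of %.1f", today, base)})
		}
	}
	// Map iteration order is random; sort so reports and tests are stable.
	sort.Slice(alerts, func(i, j int) bool { return alerts[i].User+alerts[i].Reason < alerts[j].User+alerts[j].Reason })
	return alerts
}
```

Calling `DetectAnomalies(events, 3)` on the parsed sample flags only `bob`, twice: 4,200 records against a daily average of 9, and access at 02:00 UTC. In production the baseline would be built over weeks rather than three days and fed from the SIEM rather than a string constant, but the shape of the rule, and the fact that it is per user, is the same.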
Prevention
Prevention is the first line of defence. Every organisation should have a comprehensive data breach prevention strategy as part of its broader cybersecurity effort. The strategy should include:
- Data minimisation: limiting the amount of sensitive data retained on company servers and systems to what a legitimate business function needs. Data that is not needed should not be collected in the first place, and data that is no longer needed should be deleted; what you do not hold cannot be stolen.
- Access controls: restricting who can read sensitive data, and separately who can add, edit or delete it, to the roles that require it, denying everything else by default and reviewing those rights regularly.
- Encryption: encrypting sensitive data so that it is unreadable to anyone without the decryption key, both at rest and in transit, with the keys managed separately from the data they protect. This can be done manually with an encryption tool or automatically through an endpoint security or database product.
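The three controls above, minimisation, access control and encryption, can be shown together in one small store. This is an added example written for this page, not code from the original article or from Ns3TechSolutions; the roles, actions, field names (`NationalID`, `MothersMaidenName` and so on) and the in-memory store are all assumptions. It keeps only the fields a business function needs, encrypts the national ID with AES-GCM from Go's standard library using a caller-supplied key, binds the ciphertext to the customer's email as additional authenticated data, and grants every action per role from a deny-by-default table.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"io"
)

type Role string   // the caller's job function; rights are granted per role, never per person
type Action string // what the caller wants to do with a record

const (
	RoleSupport Role   = "support" // looks customers up, never sees the national ID
	RoleBilling Role   = "billing" // needs the national ID for invoicing, cannot delete
	RoleAdmin   Role   = "admin"
	ActRead     Action = "read"
	ActReadID   Action = "read_national_id"
	ActDelete   Action = "delete"
)

// permissions is deny-by-default: a pair not listed here is refused, and so is any
// role absent from the table (indexing a nil inner map yields false).
var permissions = map[Role]map[Action]bool{
	RoleSupport: {ActRead: true},
	RoleBilling: {ActRead: true, ActReadID: true},
	RoleAdmin:   {ActRead: true, ActReadID: true, ActDelete: true},
}

func Allowed(r Role, a Action) bool { return permissions[r][a] }
var ErrDenied = errors.New("access denied")

// Intake is everything a hypothetical signup form collects (an assumed field set).
type Intake struct{ Email, Country, NationalID, MothersMaidenName, DateOfBirth string }

// Record is what is actually kept: only the fields a business function needs, with the
// one sensitive field stored as AES-GCM output laid out as nonce || ciphertext || tag.
type Record struct {
	Email, Country   string
	NationalIDSealed []byte
}

// Store keeps records in memory; the key is held here only for the example, in
// production it comes from a KMS or HSM rather than living next to the data.
type Store struct {
	aead    cipher.AEAD
	records map[string]Record
}

func NewStore(key []byte) (*Store, error) { // key: 16, 24 or 32 bytes for AES-128/192/256
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Store{aead: aead, records: map[string]Record{}}, nil
}

// Put applies data minimisation: the maiden name and date of birth are dropped before
// anything is stored. The email is bound to the ciphertext as additional authenticated
// data, so a sealed ID cannot be moved onto another customer's row undetected.
func (s *Store) Put(in Intake) error {
	nonce := make([]byte, s.aead.NonceSize()) // fresh random nonce per record
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return err
	}
	sealed := s.aead.Seal(nonce, nonce, []byte(in.NationalID), []byte(in.Email))
	s.records[in.Email] = Record{Email: in.Email, Country: in.Country, NationalIDSealed: sealed}
	return nil
}

// Lookup enforces the access control: every caller needs ActRead, and the national ID is
// decrypted only for roles holding ActReadID. Tampered ciphertext fails authentication
// and is reported as an error, never returned as garbage.
func (s *Store) Lookup(r Role, email string) (Record, string, error) {
	if !Allowed(r, ActRead) {
		return Record{}, "", ErrDenied
	}
	rec, ok := s.records[email]
	if !ok {
		return Record{}, "", errors.New("no such record")
	}
	if !Allowed(r, ActReadID) {
		return rec, "", nil // the caller sees the row but the ID stays sealed
	}
	n := s.aead.NonceSize()
	if len(rec.NationalIDSealed) < n {
		return Record{}, "", errors.New("sealed field too short")
	}
	id, err := s.aead.Open(nil, rec.NationalIDSealed[:n], rec.NationalIDSealed[n:], []byte(rec.Email))
	if err != nil {
		return Record{}, "", err
	}
	return rec, string(id), nil
}
```

`NewStore` takes a 16-, 24- or 32-byte key; in a real deployment that key would come from a KMS or HSM and never be stored beside the records. A support user gets the record with the national ID still sealed, billing gets it decrypted, an unknown role is refused outright, `Allowed(RoleBilling, ActDelete)` is false while `Allowed(RoleAdmin, ActDelete)` is true, and flipping one byte of the stored ciphertext makes `Lookup` return an authentication error rather than a corrupted ID.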
Recovery
The goal of any data breach strategy is to minimise the impact of a breach. Even with strong prevention it is important to assume that a breach will happen and plan accordingly, including preparing a data breach response plan. A breach response plan should include:
- A plan to notify affected individuals: it is critical to notify affected individuals as quickly as possible. Notification can be made in a variety of ways, including email, a notice on the company website or a public statement through the media. Where the GDPR applies, the supervisory authority must also be told within 72 hours of the company becoming aware of the breach unless it is unlikely to result in a risk to individuals, so the plan should name who makes that call and who sends the notice.
- A way to support individuals affected by the breach: Affected individuals may experience distress and anxiety. Companies should offer information about what happened, what steps are being taken to fix the breach, and what steps individuals should take to protect themselves.
- A plan to help mitigate the impact to the business: The impact on the business will depend on the type of breach and the organisation involved. It is important to respond quickly and take decisive action to limit the damage and help restore trust in the company.
Consequences of Data Breaches
Breaches have serious consequences for both individuals and businesses, including:
- Identity theft: a data breach can lead to identity theft and fraud, especially when the stolen data includes names, addresses, national identity or Social Security numbers and similar personal information. Credit card fraud and other financial problems follow when criminals misuse that data, and breaches of health data can lead to medical identity theft.
- Damage to reputation: for individuals, exposure of private information such as medical details or personal messages can cause embarrassment and lasting harm. For the breached company, the public scrutiny that follows a breach damages its reputation and brand.
- Financial costs: individuals affected by a data breach can shoulder significant costs, including credit monitoring, identity theft protection and other protective measures, which can add up to thousands of dollars per person. The company bears the costs of investigation, notification, remediation and any regulatory fines.
Statutory Responsibilities After a Breach
Beyond the direct damage, regulators impose fines and other penalties for inadequate security and for data breaches. The GDPR carries heavy fines, and the tier depends on which obligation was infringed rather than on the size of the breach: failing the core principles of data protection or individuals' rights attracts fines of up to €20 million or 4% of annual global turnover, whichever is greater; failing the security or breach-notification obligations attracts fines of up to €10 million or 2% of annual global turnover, whichever is greater. In the United States the Federal Trade Commission (FTC) takes enforcement action against companies whose security practices are unfair or deceptive, and state breach-notification laws add their own obligations and penalties.
Rights for Data Breach Victims Under the GDPR
Individuals affected by a data breach under the GDPR have a number of rights, including:
- Notification: when a breach is likely to result in a high risk to individuals' rights and freedoms, the company must tell the affected individuals 'without undue delay' (Article 34), in clear and plain language, describing the nature of the breach, its likely consequences and the measures taken. Regardless of the risk to individuals, the supervisory authority must be notified within 72 hours of the company becoming aware of the breach unless it is unlikely to result in a risk (Article 33), and the authority can order the company to notify individuals if it has not done so.
- Complaint: individuals can lodge a complaint against a company that violates the GDPR with the relevant supervisory authority, such as the ICO in the UK, or bring proceedings before a court.
- Compensation: individuals can claim compensation if the breach causes them 'material or non-material damage' (Article 82). This includes financial loss, the cost of measures taken to mitigate the damage, and non-financial harm such as distress or damage to reputation.
Conclusion
Data breaches are a common threat in the modern digital world. Breaches can happen through malicious attack or human error, and can result in serious consequences for both individuals and businesses. The best way to prevent data breaches is through strong cybersecurity policies and employee training.
About Ns3TechSolutions:
The SOC services provided by Ns3TechSolutions (on-premises and in the cloud) give customers a reliable partner that fills a gap in IT security. We provide email security, threat intelligence and ongoing detection, prevention and response for businesses. Our team monitors and manages events 24x7, reports on incidents and sends actionable notifications for suspicious events. Our security experts implement industry-leading SIEMs and automated response capabilities to satisfy security and compliance goals, decrease the risk of data breaches and save money on operational costs.
For further information-
Visit Our Website 🌐 : www.ns3techsolutions.com
For Queries-
Call us 📞 +91-981 055 7611
Email us 📨 [email protected]