Shane Chambers No Comments

Central Statistics Office P45 Data Breach Caused by Human Error

The Central Statistics Office has admitted to a data breach involving an error by a staff member, leading to a severe breach of data protection rules. Reports were made last week that a past employee of the CSO had been sent P45s of other past and present employees in error. The past employee was outraged at the time, as she believed that 1000 people’s records had been breached.

The CSO has since issued a “sincere apology” for the incident, and volunteered that the incident had not affected 1000 people, but had actually concerned 3000 former employees.


The Central Statistics Office has apologised for a staff error which sent 3000 P45s to a past employee – a catastrophic data breach


Shane Chambers No Comments

Uber: How Not to Handle a Data Breach

Uber is back in hot water after revealing that over 57 million records were exposed in a 2016 data breach, which it subsequently covered up. This news comes not long after Uber ousted founder and CEO Travis Kalanick, who was succeeded in August by Dara Khosrowshahi. Kalanick was forced out of his own company due to a litany of scandals, and now Khosrowshahi is keen to do things the right way – hence the fresh statement declaring the breach. However, this has put Uber into a very troubling situation: not only does it face legal action for covering up a data breach, but the disclosure has also revealed an incredibly poor security culture within the company.


Uber will already be subject to regular external data audits for the next 20 years due to a previous, much smaller data breach


Shane Chambers No Comments

Credential Stuffing

Credential stuffing is a common practice in cyber crime where a hacker or cyber criminal gains access to a user’s email address and password, and proceeds to try that password against other accounts/services belonging to that individual. This is performed based on the knowledge that users often reuse the same passwords between different accounts/services, albeit sometimes with slight variations.

This is a highly effective means of attack, as users may change passwords for services that they are aware have been breached, but may not think to change that password where it is in use on other accounts. Credential stuffing is also commonly used when attempting to commit identity theft against a user.

It is highly recommended that users do not reuse passwords between services, and that they use a password manager if required to help them remember distinct, secure passwords.

Shane Chambers 1 Comment

Cyber Security Is Not Just for IT – It’s for Everyone

Traditionally, cyber security has been seen as an IT department’s problem. They make sure everyone has antivirus on their PCs and take care of the firewall – and as long as they’re doing it right, then everyone else is safe… right? This has lulled users and business owners into a false sense of security of late, believing that cyber security simply isn’t their area or that it’s not in their job description. However, this attitude is now being taken advantage of in a big way by cyber criminals, who have discovered that individual users are much easier to target and deceive. As a result, users often take actions which inadvertently allow hackers to bypass the IT security systems. Traditional antivirus is dead, and even more advanced next-generation antivirus simply can’t stop the most deadly attacks. Now, everyone in an organisation has a part to play in keeping it secure, from the bottom all the way up to the CEO.


Hackers are now finding it easier to target regular users, who often lack cyber security training, than to try and bypass complex technical measures put in place by IT


Shane Chambers No Comments

Studies Show Many Businesses Confused or Unprepared for GDPR

With the EU General Data Protection Regulation (GDPR) only 8 months away from coming into force, surveys are showing that many businesses across the UK and Ireland are still confused about exactly what the regulation means for them, and may be unprepared for GDPR. A survey of over 1000 IT decision makers revealed that 64% were unaware that customers’ birth dates are considered personally identifiable information (PII), which is especially worrying as any mishandling of such data could constitute a breach of the GDPR and result in fines of up to €20 million. 42% did not realise that email marketing databases contained PII, 32% did not consider physical addresses to be PII, and 21% did not even consider customer email addresses to be PII. In contrast, 85% of these survey respondents reported that they have reviewed the GDPR requirements thoroughly and 79% believe they have done everything they need to do to secure their data. This disparity marks a worrying trend for businesses, big or small.


The GDPR comes into full effect on the 25th of May 2018 – and no one wants to be made an example of
