Carphone Warehouse have been ordered to pay a fine of £400,000 (over €450,000) to the UK Information Commissioner’s Office, one of the largest fines the ICO has ever issued to a company. A data breach at Carphone Warehouse occurred in 2015, which subsequently led the ICO to investigate the company and discovered a series of “systematic failures” in security practice. The severity of the fine reflected the fact that up to 3 million customers’ data was compromised, in addition to the data of a further 1000 employees. The data itself was also considered extensive by the ICO, as names, addresses, phone numbers, marital status and dates of birth were all leaked. It is further believed that some 18,000 customers had payment card details leaked as well.
In a case that has set a new precedent in data breach law, UK supermarket giant Morrisons has been found liable by a High Court for the actions of a former staff member who purposely leaked payroll data for thousands of employees. The decision was reached as part of a class-action lawsuit brought against Morrisons by over 5000 current and past employees of the company, and was in relation to an incident that took place in 2004 – where an employee posted 100,000 employees’ personal details on the internet. This personal information included bank details, salary, insurance information, phone numbers and addresses. Lawyers have refereed to this ruling as a “landmark” decision, as it was the first class-action suit filed over a data breach in the UK, and ruled that Morrisons was liable to owe compensation to the victims despite the judge ruling that Morrisons had not been at fault in any way. However, this case is very much in keeping with current trends in regulation to fiercely protect user data, and the high expectations being placed to companies to ensure this.
The High Court decided in a landmark ruling that Morrisons must compensate the victims of the data breach, despite not being at fault
The Central Statistics Office has admitted to a data breach involving an error by a staff member, leading to a sever breach of data protection rules. Reports were made last week that a past employee for the CSO has been sent P45s of other past and present employees in error. The past employee was outraged at the time, as she believed that 1000 people’s records had been breached.
The CSO has since issued a “sincere apology” for the incident, and volunteered that the incident had not affected 1000 people, but had actually concerned 3000 former employees.
The Central Statistics Office has apologised for a staff error which sent 3000 P45s to a past employee – a catastrophic data breach
Uber is back in the hot water again after it has revealed that over 57 million records were exposed in a 2016 data breach, which it subsequently covered up. This news comes not long after Uber ousted founder and CEO Travis Kalanick, who was suceeded in August by Dara Khosrowshahi. Kalanick was forced out of his own company due to a litany of scandals, and now Khosrowshahi is keen to do things the right way – hence the fresh statement declaring the breach. However, this has put Uber into a very troubling situation as not only do they face legal action for covering up a data breach, but it has also revealed an incredibly poor security culture within the company.
Uber will already be subject to regular external data audits for the next 20 years due to a previous, much smaller data breach
Traditionally, cyber security has been seen as an IT department’s problem. They make sure everyone has antivirus on their PCs and take care of the firewall – and as long as they’re doing it right, then everyone else is safe… right? This has lulled users and business owners into a false sense of security of late, believing that cyber security simply isn’t their area or that it’s not in their job description. However, this attitude is now being taken advantage of in a big way by cyber criminals, who have discovered that individual users are much easier to target and deceive. As a result, users often takes actions which inadvertently allows the hackers to bypass the IT security systems. Traditional antivirus is dead, and even more advanced next-generation antivirus simply can’t stop the most deadly attacks. Now, everyone in an organisation has a part to play in keeping it secure, from the bottom all the way up to the CEO.