The cybersecurity threat is a very real one, and it is something that all businesses need to be concerned about. It does not matter what industry you operate in, or how big or small your company is, you are a target. A lot of small business owners make the grave error of believing that hackers are only out to catch the big fish. That is not the case. Any business with personal and payment data, which let’s face it is all businesses, is a target for fraud and other crimes. With that in mind, we are going to take a look at some of the worst data breaches that have hit the UK.
In November 2016, mobile phone network operator Three revealed that it had suffered a data breach, and then again, in 2019. They stated that a hacker gained access using an employee login during a database upgrade. At the time, Three claimed that data of births, addresses, phone numbers, and names were taken, but that financial information was not stolen. The company said 133,827 of its 9,000,000 customers were impacted. However, as time passed, they revealed that the breach was worse than expected. The company went on to admit that 76,373 more customers were victims of the breach.
In 2017, the international health insurance provider and medical group Bupa, based in London, revealed it suffered a data breach that impacted 500,000 customers. The breach concerned its international health insurance plan. The company attributed the breach to a malicious employee, stating that he or she had copied information, including contact details, dates of births, and names. The company claimed that no medical information was attained and that they were taking legal action against the employee, who they sacked immediately after the ordeal. Bupa said that 43,000 of the total number affected had a UK address. As well as UK customers, overseas customers could have also been impacted by the incident.
TalkTalk received a record fine for their failings in the data breach that impacted 21,000 customers in 2015. A year later, they were ordered to pay £400,000 for the theft of customer details. The large fine was imposed after it was deemed the attack was carried out by hackers with ease because the security in place was so poor. The maximum fine the ICO can impose is £500,000, yet this has not been given out as of yet.
CEX, which is one of Britain’s largest retail franchises, suffered a monumental breach that impacted two million customers. Their personal details, including addresses and names, were stolen as part of the attack. The franchise chain said that the hackers unleashed a sophisticated attack that compromised their data. CEX did not give any further information concerning the breach and what they were doing to rectify it, but said they were working with the appropriate authorities, including the police, and had introduced additional security measures.
The Wonga data breach was definitely one of the most significant in the UK. The breach on the payday loan provider left up to a quarter of a million customers vulnerable. The data that was breached included full names, sort codes, account numbers, phone numbers, and home addresses. The company claimed to have cybersecurity procedures in place yet stated the attack was too sophisticated. The attack is one of the worst and biggest data breaches of all time involving financial information in the UK. It is believed that some people had their last four digits of their bank cards stolen as well, which can be used as part of the log-in process for online accounts.
Last but not least, we have the Uber case, which is shocking not only because of the breach itself, but the way in which the company acted. The breach impacted 2.7 million UK users, as well as 57 million drivers and customers across the world. But what makes this whole ordeal even worse is the fact that the company tried to conceal it. They instead paid hackers £75,000 to delete the data. In the incident, 600,000 drivers had their names and licence details compromised. Moreover, customers had their phone numbers, email addresses, and names exposed. The company offered nothing to the customers that had suffered either, but they did give drivers free credit monitoring protection.
No matter whether you run a big business with locations around the world or you have a very small one-man-band, which you operate from the comfort of your own home, you need to make sure that security is a priority. One of the biggest mistakes that businesses and individuals make is assuming that they are too small to be a target. However, even if you have only ever had one paying customer, it is your responsibility to make certain that the payment and personal data they provide you with are protected. This is why you cannot afford to cut corners when it comes to cybersecurity.
There are a number of different steps you can take, and the best approach is a multi-layered one. I would recommend taking a look at the best Mac updaters, as out-of-date software is an easy way in for cyber criminals today. You should also make sure you choose passwords carefully, and that you use different passwords for every log-in. Encryption of all data is also a must, as well as two-factor authentification. Make sure you use firewalls and antivirus software as well. You cannot afford to cut any corners!
As you can see, there have been some horrific and extremely damaging data breaches to hit companies and organizations in the United Kingdom. Do you really want to take the risk of your business being another one of these horrible statistics? A lot of data breaches today occur through third parties. This is why you need to make sure you partner up wisely. Don’t become the next data breach victim!