And the award for the first high-profile data breach post-GDPR goes to – Dixons Carphone!
The announcement that the electronics retailer had suffered two incidents of cyber crime was shocking not just because of the magnitude of the breach, but also the timing. It came within days of new data protection laws going live.
Dixons Carphone – which trades under names including Carphone Warehouse, Currys PC World and Dixons Travel – had to admit to the theft of around 1.2 million general user data files, which in turn meant the potential exposure of an eye-popping 5.9 million card details.
The company mitigated the admission by pointing out that the criminals had not gained sufficient data to be able to use the card information to create fraudulent payments. The majority of the cards involved are chip and PIN protected.
Dixons Carphone’s chief executive Alex Baldock has been quoted as saying: “Cybercrime is a continual battle for business today and we are determined to tackle this fast-changing challenge.”
The incident served as a reminder that the EU General Data Protection Regulation is the start of a journey, not a destination.
Dixons Carphone joins a prestigious list of “victims”
The move to create far more advanced data privacy and security rules under the GDPR arose from a growing understanding that Big Data means “Big Problems”.
The more transactions that occur online and the more personal information organisations gather and store, the richer the pickings for determined hackers.
In 2016 there was a 475% increase in data breaches compared to the previous year. To show the scale of this, it represents almost 54.5 million records left exposed by UK companies.
The organisations that have been caught out in recent years include some surprising names, among them the NHS and government departments in the US. The list also includes the mighty tech company Yahoo, which admitted to the largest data breach in history: a grand total of one billion accounts.
Don’t think for one minute that the issue of data breaches is confined to the big players with the massive data stores though.
According to figures released by the UK Government, a large number of relatively small companies and even charities were the victims of cyber crime in 2017. This research found that more than 40% of businesses had been affected, and 20% of all charities. The most common source of these breaches or attacks was fraudulent emails.
So, though the Dixons Carphone announcement is viewed with horror, the company is far from alone in finding itself on the receiving end of ever more sophisticated hackers and fraudsters.
Data regulation is a guide, not a cure-all
The GDPR is a signal for organisations to clean up their act, but this still requires them to bring in expertise and the latest systems to continuously outsmart the cyber crime fraternity.
The new law brings with it fines of up to £17 million or 4% of global turnover. However, introducing stringent cyber security measures to protect personal data is not just about avoiding penalties. It is also required to restore consumer trust and keep businesses trading.
The measures needed include using cloud services that offer the highest possible levels of security, and which use all available updates to best effect.