Tag Archives: Equifax

Egress Software Technologies CEO responds to ICO’s Data Security Incidents Report for Q2

On Friday 16 November, the Information Commissioner’s Office (ICO) published its Data Security Incidents Report for Q2 2018. Data security incidents, which are breaches of the seventh data protection principle or personal data breaches reported under the Privacy and Electronic Communications Regulations, are a major concern for those affected and a key area of action for the ICO.

On 18 July 2018, the Independent Inquiry into Child Sexual Abuse (IICSA) was fined £200,000 for revealing the identities of abuse victims in a mass e-mail. On 9 August, Lifecycle Marketing (Mother and Baby) Ltd, also known as Emma’s Diary, was fined £140,000 for illegally collecting and selling personal information belonging to more than one million people.

On 20 September, Equifax Ltd was fined £500,000 for failing to protect the personal information of up to 15 million UK citizens during a cyber attack in 2017 and, on 28 September, BUPA Insurance Services was fined £175,000 for failing to have effective security measures in place to protect customers’ personal information.

Tony Pepper, CEO of Egress Software Technologies, commented: “Looking at this report, it’s no surprise that the number of data security incidents filed to the ICO has continued to increase with no signs of plateauing. Overall, there has been a 29% increase in the number of reported data security incidents, from 3,146 between April and June 2018 to 4,056 from July to September 2018. This demonstrates a 490% increase compared to the same quarter in 2017.”

Pepper continued: “Similar to the statistics we observed in the ICO’s previous report, this doesn’t necessarily mean that organisations are experiencing more incidents, but it definitely does mean that more are now being reported. The increased awareness for organisations to tread carefully has been fuelled by the General Data Protection Regulation, as well as the significant data breach incidents that recognisable brands have suffered in recent times.”

In terms of the monetary penalties, fewer fines were issued between July and September compared to those issued between April and June, with £875,000 issued under the Data Protection Act in the most recent complete three-month period.

Significant growth in data incidents

Although the report doesn’t summarise the type of incidents reported, it does detail the sectors that have experienced significant growth in these incidents. These include general business, which has experienced an increase of 87%, finance with 49%, insurance and legal with 63%, media with 633% and transport and leisure with 57%, while Government, at both the central and local level, experienced a 14% increase.

“We have also seen an organisation fined for unlawfully selling personal data, while Equifax was fined the highest amount under the Data Protection Act (£500,000) for a cyber attack that exposed the personal information of up to 15 million UK citizens.”

Information Commissioner Elizabeth Denham

Pepper added: “Clearly, there’s not only an issue with external attackers illegally obtaining and hacking an organisation’s systems to obtain data, but also with internal employees – and companies as a whole – misleading the population on why their personal data is being collected and how it will be used. As a result, organisations should be vigilant when it comes to ensuring data security protection is in place, and especially so to combat internal threats.”

Pepper feels that organisations should take a user-centric approach to data security, ensuring that every employee – from C-Suite executives to the average worker – is as security savvy as they need to be. This philosophy has been highlighted in recent Egress research, which revealed that 20% of an organisation’s employees don’t know what kinds of personal information should be protected when sharing data via e-mail.

“By taking a user-centric approach and equipping staff to protect personal data through technology that supports and secures the work they do,” urged Pepper, “as well as more training and awareness of what constitutes the mishandling of personal data, organisations will be better placed to mitigate the chances of external and internal data security incidents.”

Filed under Risk Xtra

Banking fraud rises by 13% as criminals continue to wreak havoc

Crime figures just issued by the Office for National Statistics show that banking and credit fraud has risen by 13% in the year ending June 2016.

John Marsden, head of ID and fraud at Equifax, commented: “Companies have stepped up their fraud protection with multiple layered fraud defences, but this often moves criminal activity to those channels that are less well protected. Fraud is a surprisingly professional industry. The number of cases continues to rise as criminals find new ways to access information, often fuelled by a deep understanding of their target’s identity. Underlying this is the sharing of knowledge and consumers’ personal information across marketplaces on The Dark Web.”

Marsden went on to state: “Consumers must take steps to protect themselves from falling prey to fraudulent behaviour. People are without doubt confused about where to store and share confidential information like their bank account number, sort code and even their date of birth. As consumers seek the convenience and speed offered by digital correspondence, so they potentially position themselves in front of fraudsters who will steal this information to gain access to accounts and financially exploit individuals.”

According to Marsden, data shared on The Dark Web cannot be treated as a one-time event. The data never truly vanishes and can spread globally in a short amount of time, enabling criminals to fraudulently take over accounts and identities.

“To reduce the risks and damage associated with fraudulent activity,” observed Marsden, “more needs to be done to educate the public and give them a stronger chance of protecting themselves. The advice is very clear: remain vigilant and only share your details when you’re sure the channel is secure.”

It’s worth bearing in mind the following guidelines when handling personal information:

  1. Do not do your online banking in public places and definitely do not use public Wi-Fi (criminals can set up bogus public Wi-Fi ‘hotspots’ to access devices and information)
  2. Never respond to unprompted banking messages unless you are absolutely certain the request is genuine (i.e. when you have spoken with your bank to confirm)
  3. Be very aware of domain names online and the security signs visible in a browser. Make sure you log on to a banking website at a web address you know and not via a link
  4. Never provide any banking details to a third party you don’t know or are unsure about (in part or as a whole)
  5. Avoid unnecessarily sharing details such as your name, address and date of birth

Filed under Risk UK News, Uncategorized