Beware unauthorised data access – are you protected?
In a widely reported data breach, it has been revealed that the data of 5.9 million cards was compromised in processing systems for Currys PC World and Dixons Travel stores.
The company believes the hacking attempts began last July but, fortunately, there is no evidence so far of any fraudulent use of the information. 1.2 million personal data records were also hacked.
The company’s shares lost five per cent of their value when trading began following the disclosure but the firm could be losing far more, with a fine from the Information Commissioner’s Office (ICO) potentially reaching £500,000 – which was the value of the fine issued to TalkTalk following a major cyber-attack in 2015.
The case highlights the importance of assessing the risks of a cyber-attack and developing a plan to mitigate the impact of such an attack, but there also needs to be a cultural change in businesses in general to keep up with the new privacy regulations, the General Data Protection Regulation (GDPR). If employees have not been trained to manage data and protect the privacy of business data, employers are likely to be subject to heavier consequences in the event of a breach or attack. Ignoring the risk is dangerous, and any suspected breach must be reported to the ICO promptly to minimise damage. Small businesses in particular are not thought to have taken the GDPR seriously and have ignored their obligations to train staff and inform them of their data obligations.