2015 is behind us, and the change of year marks a good time to look back at the major breaches of 2015, and hopefully learn from the mistakes others have made in order to ensure that we’re not leaving ourselves open to being targeted in 2016. Some of the major breaches were:
Ashley Maddison: With approximately 37 million people signed up to Ashley Maddison (an affair dating site), attempted blackmail attempts on prominent members was initially feared after the database was compromised..
T-Mobile/Experian: With T-Mobile having approximately 15 million clients, they were concerned when they learnt that their credit check partner Experian had been breached, and the names, Social Security Numbers and sensitive identification numbers of their clients has been compromised.
Talk Talk: 157,000 of Talk Talk’s 4 million clients were affected following a breach in October. E-mail addresses, Names, Dates of Birth, phone numbers and bank details were amongst the data that was stolen. The compensation will “potentially run into millions” according to Talk Talk.
Marks and Spencer: Approximately 800 M&S clients had personal details exposed on-line following an internal error made whilst configuring the members card scheme “Sparks”.
Whilst the above list is by no means complete (it’s frightening just how many people were breached, either through internal error or because of a targeted attack), they do illustrate the importance of keeping data secure. Clients being blackmailed in order to return their data (albeit for different reasons than faced Ashley Maddison!) does happen. Internal config errors such as committed by M&S could potentially breach DPA rules – and with DPA rules changing from a £500,000 ICO fine, to a fine of 5% annual turnover or 100 million euros, the amount of compensation that Talk Talk are facing paying can only increase. Even when you do everything correctly yourselves, a relationship with a 3rd party (such as T-Mobile and Experian’s) can cause issues if the 3rd party is compromised.
Mandalorian can help you to deal with these threats through regular penetration testing, whether on a monthly, quarterly or annual basis, in order to recommend remediations in order to help minimise your risk of being featured in the “look back at 2016 breaches” article which will inevitably be written this time next year! For more information, please contact Rob Finney, on 01256 830 146, or at firstname.lastname@example.org