The Data Privacy & Tailored Risk Blog

All the major data breaches in 2018 - PrivIQ

Written by Nick Eckert | Dec 13, 2018 5:00:00 AM


Why is data breach becoming a household word? Because personal data has become hot property for all kinds of companies that want to use it for commercial advantage, whether that be making market assessments or for direct electronic marketing or to demand a ransom, and they’re going to such great lengths to get this data that social networking sites are now targeted as often as big corporate sites.
In the past few years there have been hundreds of thousands of data breaches worldwide. In 2018 alone thousands hit small to medium-sized firms and a staggering number hit multinationals. We’ve highlighted a few of the most alarming ones, reminding us at the same time that data breaches affect all industries. The point is that every business with an online presence – no matter how big or small it is – is vulnerable to cyber attack and needs online protection.

Hospitality industry: Marriott leads the way

Last week the multinational hotel group Marriott reported that 500 million of their guests’ data had been compromised over the past few years due to a security flaw and that for more than 300 000 of them, their names and phone numbers, email addresses, birth dates and passport numbers, plus their arrival and departure details had been stolen.

Social networking: Google+ forced to shut down

The Facebook breach hit 50 million users as a result of another security flaw in the “View as” functionality of the site. Facebook has been fined £500 000 by the UK’s ICO for not protecting the personal information of UK residents.
Google + delayed its announcement that 500 000 of its users’ data were breached, exposing their names, occupations, email addresses, gender and age and, instead of dealing with its security vulnerability, decided to shut down Google + for enterprise use.

Transport industry conveys credit card details

British Airways announced that 380 000 card payments were compromised, and that personal and financial details of its customers were hacked. It could also face a £500 million fine if, after investigations, the ICO decides to take action.

Retail industry

German sportswear giant Adidas didn’t give an exact figure of how many customers’ data was stolen from its US site, simply saying that a few million had their addresses, email addresses and encrypted passwords stolen by cyber criminals.

Telecommunications

Multinational electrical and telecommunications retailer Dixons Carphone reported that six million of their customers’ payment card information had been accessed plus 1.2-million personal data records. After the announcement, Dixons Carphone shares dropped by three percent and they await the verdict of whether they face a £400-million fine because, in technical terms, the GDPR wasn’t yet in force when they announced the breach.
These breaches could’ve affected you or me. We’ve been giving our personal details out for years, oblivious of the wave of cyber crime that would wash over us. Now that the GDPR is in force and businesses realise they need to become compliant with the privacy regulation, there’s hope that our personal information will start becoming safer.
There’s really no excuse for non-compliance now as there are dedicated compliance services available to help businesses become GDPR compliant.

CLAIM FOR FREE TRIAL