Australia’s mandatory data breach notification laws a little over a week old…. 2,234,633 worldwide recorded data breaches for February 2018

March 3, 2018

IT Governance compiles monthly and annual records of recorded data breaches. For February 2018 it calculated that there were 2,234,633 data breaches, a significant number but lower than in previous months. That was not because criminals had a change of heart and vowed to mend their evil ways, or because organisations improved their cyber protection, but rather because ransomware is becoming a bigger part of cyber criminals' activities. Verizon has published its 2018 Protected Health Information Data Breach Report, which identified 1,368 incidents covering 27 countries. In analysing the data Verizon concluded:

  • 58 % involved insiders, often driven by:
    • financial gain (48 %);
    • curiosity in looking up the personal records of celebrities or family members (31 %); or
    • convenience (10 %).
  • 70 % of incidents involving malicious code were ransomware attacks;
  • 27 % related to data breaches involving paper records such as prescription information sent from clinics to pharmacies, billing statements issued by mail, discharge papers physically handed to patients, or filed copies of ID and insurance cards;
  • 21 % involved lost and stolen laptops which were unencrypted.

The legislative scenery has now changed: under the mandatory data breach notification laws, action can be taken against an organisation for a failure to notify persons of data breaches and to notify the Information Commissioner. At minimum an organisation should have a data breach response plan. There is too much complexity in both the legislation and dealing with a breach to try to devise one while dealing with a data breach.

As a timely reminder of the ongoing cost of data breaches, Equifax, one of America’s largest credit reporting bodies, has advised that another 2.4 million US citizens have had their personal information compromised, with their names and drivers’ licences stolen, arising out of a massive data breach in 2017. That brings the total number of persons affected by the breach to 147.9 million. The ongoing costs to companies like Equifax are significant, including the possibility of a class action. There are other costs too, such as the US city of Allentown’s computer systems being infected with a virus in a security breach which will cost almost $1,000,000 to fix.
