Two serious data breaches in the UK highlight the serious consequences that come from data breaches
August 14, 2023 |
It has been a dreadful week for cyber security in the United Kingdom. First, on 8 August the UK electoral commission publicly announced that it had detected access to its data in October 2022. It determined that the first attack had occurred in August 2021. The attackers gained access to its electoral registers, holding information of registered voters between 2014 – 2022. That has prompted an investigation by the Information Commissioner. Given the attack exposed 8 years of voter data and that the attack first began in 2021 there will some serious questions asked about data retention and security practices by the UK Electoral Commission.
The Police Service of Northern Ireland has been hit with 2 data breaches; the first involving publication of personal details of $10,000 officers accidentally being published on line while the second involved the loss of a laptop and documents which contained details of 200 officers. In the latter case the loss of the laptop occurred on 6 July 2023 while the officers whose personal information was compromised were not informed for a month. Very poor practice. Given the fractious state of politics and the history of police being targeted by extremists in Northern Ireland it is a terrible situation which has given rise to some well deserved hand wringing.
There is no room for complacency in Australia. In July 2023 Home Affairs leaked personal data of 50 small businesses.