+44 (0)203 88 020 88

Menu

Search

Cyber Security News & Articles

 

Cyber Security
News & Articles

Trusted Cyber Security Experts
25+ Years Industry Experience
Ethical, Professional & Pragmatic

Reducing Your Data Breach Exposure

We think that it’s well worth talking about GDPR in the context of the last twelve months worth of data breaches that we have seen in the UK and believe that GDPR may help reduce at least some of your exposure.  You may already know that GDPR gives you the right to request companies delete all of data that they hold on you and we think that this is a great way to proactively remove your data from databases before they get breached (if they have not already been breached).

According to UK government figures more than half of UK businesses have suffered some sort of cyberattack. Being that there are something like five and a half million companies in the UK, we can infer that at least two million businesses in the UK have been attacked by cyber criminals at some point over the last few years.

If only a small number of those companies have your data, that data will be taken by the cyber thieves should the company ever suffer from a data breach in a cyber attack. Here are some of the most well known UK data breaches from the last twelve months alone, but there are many more and many of them go unreported.

Sports Direct – This data breach was badly handled by high street retailer Sports Direct, who didn’t report the breach until more than three months after it happened.  Cyber criminals made away with the personal information (including national insurance numbers) of 30,000 people which included Sports Direct employees.

ABTA – The association of travel agents and tour operators, ABTA, became the victim of a data breach in February 2017 which affected more than forty thousand people. Oddly the data stolen contained the personal details of people who had complained to ABTA, as well as the details of their complaints to the association.

Three – The UK mobile phone operator suffered a major breach in March 2017 when their data was stolen by hackers who made off with the personal details of more than two hundred thousand of Three’s customers.  This follows a similar breach Three suffered from in 2015 when yet more of their customer data was stolen.

Debenhams – In May 2017 a malware attack on the historic high street retailer Debenhams exposed the personal details of more than twenty six thousand of their customers, although the breach occurred through one of their partners, meaning that even if a company secures your data properly, their partners might not be.

Wonga – A particularly serious data breach that affected more than two hundred and fifty thousand of the payday lenders customer records in May 2017.  Because Wonga holds a lot of financial information on their customers, this data included bank account details, addresses, phone numbers and more.

Dixons – The high street electronics retailer suffered a major data breach when more than one million of their customers personal details were exposed, included names, home addresses and email addresses.  Hackers attempted to compromise 5.9 million credit card records from their processing system, but because most of these cards had chip and pin protection, the data did not include CVV codes or PIN numbers.

London Bridge Plastic Surgery Clinic – When this prestigious plastic surgery clinic (with celebrity customers) suffered from a cyber attack in October 2017, the extremely personal details of their customers were stolen including pictures of genital surgery and breast enhancement before and after pictures. This breach comprised their entire customer database and the associated customer pictures.

BUPA – When private health company BUPA managed to lose more than one hundred thousand customer records and the associated medical details, a data breach perpetrated by one of their own employees.  The employee was later discovered and arrested by the police, but that health data is still out there.

Against the backdrop of these and other UK data breaches, its fair to assume that there are some companies out there who are holding your data and who will at some point get breached.  The question that you have to ask yourself is “do these companies need to hold my data” and if the answer is no, then GDPR gives you the right to demand that they delete all of your data, the ‘right to be forgotten’.

The idea is that if a company does not have your data, then your data cannot be leaked if that company ever loses data in a cyberattack.  GDPR means that the days of companies hoarding your personal data, just because they can, are long gone.

Now there is no way of getting a list of all the companies who hold data on you, such a thing does not exist yet, but GDPR also means that companies who do hold your data have to contact you and ask for your permission to hold it.

A company needs your explicit consent in order to hold data on you and by law have to ask you for your explicit permission to hold this data.  Whenever a company contacts you and asks you for this permission, then you know they have some sort of data about you. Under GDPR you have the right to demand to see all of the data they hold on you and this is something that we think is well worth doing.

You need to ask yourself if the company really needs your data and if the answer is no, ask them to delete it and then to confirm its deletion to you as is your legal right.

Subscribe to our monthly newsletter today

If you’d like to stay up-to-date with the latest cyber security news and articles from our technical team, you can sign up to our monthly newsletter. 

We hate spam as much as you do, so we promise not to bombard you with emails. We’ll send you a single, curated email each month that contains all of our cyber security news and articles for that month.

Why Choose SecureTeam?

Customer Testimonials

“We were very impressed with the service, I will say, the vulnerability found was one our previous organisation had not picked up, which does make you wonder if anything else was missed.”

Aim Ltd Chief Technology Officer (CTO)

"Within a very tight timescale, SecureTeam managed to deliver a highly professional service efficiently. The team helped the process with regular updates and escalation where necessary. Would highly recommend"

IoT Solutions Group Limited Chief Technology Officer (CTO) & Founder

“First class service as ever. We learn something new each year! Thank you to all your team.”

Royal Haskoning DHV Service Delivery Manager

“We’ve worked with SecureTeam for a few years to conduct our testing. The team make it easy to deal with them; they are attentive and explain detailed reports in a jargon-free way that allows the less technical people to understand. I wouldn’t work with anyone else for our cyber security.”

Capital Asset Management Head of Operations

“SecureTeam provided Derbyshire's Education Data Hub with an approachable and professional service to ensure our schools were able to successfully certify for Cyber Essentials. The team provided a smooth end-to-end service and were always on hand to offer advice when necessary.”

Derbyshire County Council Team Manager Education Data Hub

“A very efficient, professional, and friendly delivery of our testing and the results. You delivered exactly what we asked for in the timeframe we needed it, while maintaining quality and integrity. A great job, done well.”

AMX Solutions IT Project Officer

“We were very pleased with the work and report provided. It was easy to translate the provided details into some actionable tasks on our end so that was great. We always appreciate the ongoing support.”

Innovez Ltd Support Officer

Get in touch today

If you’d like to see how SecureTeam can take your cybersecurity posture to the next level, we’d love to hear from you, learn about your requirements and then send you a free quotation for our services.

Our customers love our fast-turnaround, “no-nonsense” quotations – not to mention that we hate high-pressure sales tactics as much as you do.

We know that every organisation is unique, so our detailed scoping process ensures that we provide you with an accurate quotation for our services, which we trust you’ll find highly competitive.

Get in touch with us today and a member of our team will be in touch to provide you with a quotation. 

0

No products in the basket.

No products in the basket.