If we are honest, the news of a data breach no longer comes with a shock, as they are happening on a more and more regular basis in the UK and globally.
In light of this increasing regularity and severity there was a broad selection to choose from when formulating this list of five of the worst, and we have aimed to include landmark instances that span recent years.
A clear change is evident in reflection on previous years, as cybersecurity awareness is only now beginning to reach people more widely. It is now essential that all people have a degree of understanding when it comes to maintaining their own security.
With GDPR on the horizon and a major talking point in the UK, for organisations it is no longer a matter of ‘should’ when it comes to learning about security and implementing data protection measures. The General Data Protection Regulation (GDPR) will now land in mere months, and organisations cannot afford to be complacent.
Looking back on these major breaches is also in determining whether the time is right for passwords to stand aside and allow biometrics to take over, meaning that vast password caches were not placed in one spot, waiting to be stolen.
The data breach experienced by payday loan company, Wonga, this year was a landmark incident that left up to a quarter of a million customers vulnerable through the loss of critical personal information.
Up to 245,000 could have been affected with home addresses, phone numbers, bank account numbers, sort codes, and full names among the breached data
In a statement on the incident, Wonga said this: “We take issues of customer data and security extremely seriously. Cyber attacks are, unfortunately, on the rise. While Wonga operates to the highest security standards, these illegal attacks are unfortunately increasingly sophisticated. We sincerely apologise for the inconvenience and concern this has caused.”
Wonga made no excuse, simply explaining that they had all of the cyber security precautions and defences in place, but were victim to increasingly sophisticated attackers.
The message here is one that is being shared widely, that no one can guarantee security at this moment in time, making the battle one of mitigation rather than the castle walls and drawbridge of the last cyber security era.
This high profile attack is one of many influential instances that have raised awareness to cyber security, encouraging organisations to leave no stone unturned in their cyber security plans.
How much was stolen in the Tesco Bank hack?
Towards the end of 2016, money was stolen from 20,000 customer accounts, a major bank robbery of the cyber age.
While this figure is already substantial, the actual number of accounts breached was around 40,000. This number was included by Tesco Bank CEO, Benny Higgins, who announced that half of the total breached accounts had money stolen from them.
It is thought that the figure amounted to around £2.5 million.
“Tesco Bank can confirm that, over the weekend, some of its customers’ current accounts have been subject to online criminal activity, in some cases resulting in money being withdrawn fraudulently… “We can reassure customers that any financial loss as a result of this activity will be resolved fully by Tesco Bank.” said CEO, Benny Higgins.
This attack, and the Wonga attack stand out in similar ways, this is because they prove that businesses protecting not only the data of customers, but also the money of customers, still cannot guarantee security to their customers.
The psychological effect of this is noteworthy, as the security of keeping money with a bank is expected naturally, particularly by older generations. This instance poses many questions for the future of money, and the security of banks.
A landmark hack for the UK hit which telecoms provider?
The 2015 breach of TalkTalk breach is another significant landmark and point of reference that is still spoken about today.
Around 157,000 personal records were breached by the hackers, who were able to locate a website weakness and execute an attack. This figure however is not the concerning detail in this instance, as there was already at least one other breach that affected the company in the space of a year.
TalkTalk made it onto this list on the one hand due to the number of breaches in a short space of time, but predominantly because of how widespread the news was in the mainstream. These attacks began raising awareness to breaches, building towards the new heights of cyber fear that the UK, and the world are now gripped by.
The company’s CEO, Baroness Dido Harding did not do the gravity of the situation justice, somewhat playing down the severity. This reaction will be relegated to the past when GDPR arrives, as such a data breach could incur crippling penalties.
Another supermarket up next, with an employee eventually arrested for the cyber crime
This 2014 breach is on the list as it was carried out from the inside by an employee who was ultimately arrested. A database containing the details of 100,000 employees was leaked.
In this example another important trend is revealed, the need to also secure the organisation from the inside, and to implement measures to prevent an employee acting maliciously from within.
The issue is drawing attention regarding the implementation of new technologies, such as further use of biometrics to make certain areas accessible to less people, or even individuals, narrowing the likelihood of sensitive data being accessed from within.
Despite new ways of protecting against this eventuality, insider threats will remain a great concern to organisations as they are very hard to control.
Other new technologies that allow data to be viewed but not moved or copied may also prove effective in inside out protection.
Up next is the hack to end all hacks – the biggest to date
A list of worst data breaches could not be formed without including Yahoo, the recipient of a number of breaches that had an impact on the UK due to there being a significantly large number of customers in the UK.
Keeping to the rhythm of our list we will include 2013. Concluding our list on a really shocking example, in 2013 Yahoo was hit by a breach that resulted in 1 billion accounts being affected, and you guessed it, it was record breaking.
The details that were made vulnerable in this breach included security questions (and the answers), email addresses, names, and telephone numbers. Encrypted and unencrypted information was also accessed during the breach. This vast number led to international damage, including effecting the UK.
The worst press for Yahoo did not come from the vast figures, but from the fact that the breaches were disclosed late. GDPR is very pertinent to this, as a key factor of the new regulation is the requirement for all companies to immediately disclose a data breach, protecting the interests of investors and customers.