Unfortunately, significant database breaches tend to make the headlines every few months, meaning there is no shortage of examples for discussion in ITGS lessons. Also on the rise are 'ransomware' attacks, where hackers encrypt users' data and demand payment to decrypt it. Some companies have paid up to $40,000 to get their data back. Examples of database breaches include:
November 2016: Mobile phone company Three suffered a security breach when criminals used an authorised Three login to access the company's database and steal personal details. The details were used to intercept expensive mobile phones being sent to customers as upgrades.
September 2016: Yahoo confirmed a 'state sponsored' hacker stole personal data from 500 million accounts back in 2014.
September 2016: TalkTalk was fined £400,000 over the theft of more than 150,000 customer details.
August 2016: Personal details of up to 2.4 million people may have been stolen from Carphone Warehouse.
August 2016: Accounting and payroll software company Sage said its systems were compromised and data for 280 UK businesses may have been stolen.
August 2016: Yahoo investigated a data breach in its MySpace and LinkedIn divisions, after it was claimed 200 million Yahoo IDs were stolen.
June 2016: The personal details of 112,000 French police officers became publicly available after a disgruntled worker for a support company uploaded them to Google Drive.
June 2016: Chinese hackers were suspected of stealing the details of almost 4 million people from the Office of Personnel Management (OPM), a branch of the US government.
April 2015: The US Office of Personnel Management revealed a hack had exposed 1.1 biometric records to unauthorised access. In September 2015 this number was increased to 5.6 million fingerprints.
The textbook details several cases of lost data by the British government, including the Ministry of Defence's loss of personal data of 600,000 people. Many organisations have lost data, including 132 UK councils, the National Health Service (memory stick left on a train), and even NASA (stolen laptop). Meanwhile, Computer World reports that over half of UK firms have lost data in security breaches.
Not to be outdone, HMRC lost sensitive personal data of 25 million people after sending it out, unencrypted, on two CDs, which were subsequently lost.
Under the Data Protection Act, companies can be fined for losing sensitive data, and in a few cases this has happened: Zurich Insurance was fined £2.3m in 2010, Shopacheck was fined for losing data on over half a million customers in 2012, and the NHS was fined £200,000 for losing the data of 3,000 patients in 2013.