NOTE: This document, while intended to inform our clients about the current data privacy and security challenges experienced by IT companies in the global marketplace, is in no way intended to provide legal advice or to endorse a specific course of action. For advice on your specific situation, consult your legal counsel.
A record $230 million GDPR fine against International Airlines Group—the parent company of British Airways—was announced today by the U.K.’s Information Commissioner’s Office (ICO). The fine stems from the airline’s massive data breach last year, which exposed the records of more than 500,000 customers who made payments through the company’s website and mobile app.
A few years ago, I was in Paris at the Louvre battling a horde of fellow tourists for a peek at the “Mona Lisa.” Frustrated by the ridiculous melee, I turned around to leave the room.
What I saw was extraordinary.
Since early May, the city of Baltimore has been under siege by ransomware. The offending ransomware, called Robinhood, has encrypted data needed to perform several city services, and its creators are demanding a payment of 13 Bitcoins—about $113,000—to restore the city’s files.
Ransomware attacks on cities have been increasing around the country. For example, in March 2018, Atlanta was compromised by a ransomware attack that ended up costing taxpayers millions of dollars.
If you suffer a security breach, there’s a good chance it will come from within your company. It’s even more likely that the incident won’t be reported.
A recent Carnegie Mellon report found that 50% of incidents involving the exposure of private or sensitive information were the result of insiders.
Compounding the problem, according to Gartner, nearly 60% of workplace misconduct goes unreported. And because insiders tend to cover their tracks, their attacks are more difficult to uncover in the first place.
To make matters even worse, when insiders are caught, the issue is often downplayed or handled internally to avoid the publicity that might result from prosecution.
In this article, we’ll speak with an expert in the field, define the different types of insider threats, and discover practical ways to reduce internal security risks.
An unsecured database holding the personal information of 49 million Instagram customers was recently discovered. The data breach has affected numerous celebrities, influencers, and brands because the database in question is owned by a social media marketing firm that specializes in sponsored content for the platform. For Facebook—the parent company of Instagram—the episode is just the latest in a series of data security lapses.
Breaches such as Instagram’s appear in the news on a regular basis, but, though the results are usually similar, the causes often vary. Businesses must learn from recent data breaches to protect themselves against similar attacks in the future.