We give away our personal details on a daily basis; whether it’s when we’re online shopping, booking a holiday or making a booking at a restaurant. And even more so these days when we give our details to restaurants and pubs for use in the track and trace system. When we do hand over our details, we all assume that companies have the security in place to make sure it is secure. But this is not always the case.
British Airways Data Breach
British Airways have been fined £20 million for a data breach that occurred in 2018. The Information Commissioner’s Office investigated the breach. They found that BA was in possession of a huge amount of customer’s personal data, with not enough security measures in place to keep the data safe. The failure to put security measures in place to protect customer data broke data protection laws.
Due to the lack of security, British Airways was the subject of a cyber-attack in 2018. The attack was undetected for over 2 months. The worst part? It wasn’t even BA who detected it in the end!
ICO investigators found that BA should have been able to identify weaknesses in their security measures. It would have been easy for them to implement methods to solve the problem using measures available at the time. These methods could have included: providing limited access to applications, data, and tools to only those required to fulfil a user’s role, undertake testing on the systems, protect employees and other accounts by adding multi-factor authentication. None of these techniques would have cost a lot and would have been very easy to implement; some were even available through Microsoft’s Operating System. By adding these simple security measures, BA could have prevented the cyber-attack altogether.
The Cyber Attack
In 2018, the cyber-attack took place. Approximately 429,612 customers and staff had personal details breached. Some were personal details, but others included full card details, meaning the attackers had complete payment details.
As the breach happened in June 2018, the ICO were able to investigate on behalf of the EU authorities as lead authority under the General Data Protection Regulation (GDPR). Since then, BA have been issued with a fine of £20 million; the largest fine ever issued for a security breach.
The Importance of Safe Data
The BA data breach has affected the company in various ways, including loss of money from the fine pay out, to loss of customer trust. Customers have also been badly affected. Which? completed a survey in July 2020, and this showed that 23% of people have had their data compromised after a company has experienced a cyber-attack. Furthermore, 46% of these people have then been subject to fraudulent activity after a cyber-attack. It can be very difficult for customers to get any compensation for financial losses caused by a data breach.
How You Can Protect Your Company and Personal Data
After reading about data breaches, like the British Airways one, it is easy to see why it’s important to keep your details safe, whether you are a company or a customer. There are some simple steps you can take to keep your data secure:
- Passwords: You need to ensure all your accounts are protected by strong passwords. Passwords shouldn’t contain any personal names or dates. One thing I’m sure we are all guilty of, is using the same passwords for different accounts. We all struggle to remember our passwords so using the same seems like a good idea! But just think, if someone can hack one account, they can hack all of them. Use different passwords for each of your accounts.
2. Multi-factor authentication: Using increased security will help to keep any personal details safe. Examples can include adding a mobile number to your account. When signing into your account, you receive a code so you can securely log in.
3. Be wary: Fraudulent texts, calls and emails can be very dangerous. Be very careful when you are trying to distinguish between safe and unsafe communications. Hackers can be very clever when it comes to tricking people, so be extra cautious!
4. Destroy your data: We have all upgraded our personal electronic equipment every once in a while. Something people can forget is that data. and therefore, details, are stored on devices. If someone gets their hands on it, they can access your personal or company details. Therefore, it is incredibly important to ensure your devices are completely wiped of data when you are disposing of them.