As we wrap up 2017, the odds are in your favor that at some point your personal information was stolen in one of the 1,200+ breaches reported this year alone. The scariest part is that there are still countless breaches that haven’t been detected yet and corporations are still dealing with the ramifications from breaches that occurred years ago. Worse yet for businesses is that new regulations will be putting a tremendous amount of pressure on IT teams to protect critical data or face significant fines.
The countdown to the EU General Data Protection Regulation’s (GDPR) enforcement date has begun – May 25th, 2018 – at which time those organizations in non-compliance will face heavy fines. Organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater).
GDPR applies to all companies processing personal data in the EU, regardless of whether the processing takes place in the EU or not. It also applies to the processing of personal data of data subjects in the EU by a controller or processor not established in the EU, where the activities relate to: offering goods or services to EU citizens and the monitoring of behavior that takes place within the EU. Non-EU businesses processing the data of EU citizens will also have to appoint a representative in the EU.
The United States is also looking to implement similar regulations.
With the threat of fines and damages ever increasing, let’s take a look at the top 5 breaches of 2017:
Dun & Bradstreet: Dun & Bradstreet had a 52GB database containing approximately 33.6 million corporate contacts was exposed across the web in March 2017. Commenting to SC Media, Dun and Bradstreet released a statement that, “Based on our analysis, it is our determination that there has been no exposure of sensitive personal information from, and no infiltration of our system. The information in question is data typically found on a business card. As general practice, Dun & Bradstreet uses an agile security process and evaluates and evolves security controls to protect the integrity of our data.” Others disagree and believe the records provide the opportunity to conduct spearphishing campaigns to government workers and private corporations.
Republican National Committee: Oh no… not another political party breach… it has been determined that a misconfigured database containing information of over 198 million registered voters was breached. This includes names, dates of birth, addresses, phone numbers, voter registration details, ethnicity and religion. The breach occurred because the data was stored on an Amazon cloud server without password protection.
Equifax: Equifax, one of the three largest credit agencies in the U.S., experienced a data breach that may have involved 145.5 million people – which amounts to 3 out of 5 adults in the US. The data stolen included names, addresses, phone numbers, emails, Social Security numbers and driver’s license numbers. In response to the hack, Equifax is offering credit monitoring services.
Uber: Just when you thought it was safe to use your app for a car ride, Uber acknowledged a potential breach that could impact 57 million Uber users and drivers. The company resorted to paying the hackers $100,000 to keep the data from being sold on the black market.
Alteryx: Alteryx is a data analytics firm that purchased information from Experian that was breached. This included personal details of more than 120 million US households. The information was stored on an Amazon Web Services cloud storage bucket with no password protection. The ramifications of this breach are still being determined.
These were just some of the largest breaches in 2017. If history shows us anything, this number is only going to grow as hackers become more sophisticated. But there are ways you can protect your organization’s data while complying with new rules and regulations such as GDPR. Contact Greenlight today to learn more.