Data is one of the most important resources that a company possesses, with a lot of value gained from knowing more about your customers and your place in the market. However, losing control of this data can have serious ramifications for your business, individual members of staff and customers alike.
Learn more about what data breaches are, some of the most significant data breaches so far in 2023 and the importance of protecting your customer data as a business.
What are Data Breaches?
A data breach refers to any instance where confidential data is leaked to an external party. This includes instances of hackers breaking through company systems, supposedly private platforms releasing their information to the public or companies accidentally displaying personal or private information to people that are not meant to see it.
The most common form of breach is a result of a cyberattack. In these instances, a malicious party will act against a company, using either technical knowledge or social engineering to gain access to a company’s platform and cause issues for the business.
Data Breaches in 2023
Some of the most significant data breaches to have taken place throughout 2023 include:
Zellis and The BBC
Zellis is a major contractor for IBM, who support organisations across the UK including the BBC. In June 2023, a significant amount of data leaked from BBC servers, with some of the missing information including national insurance numbers, names, contact details and the prior payslips that individual members of staff received. No bank details were leaked, and the organisation kept staff members informed and supported throughout the recovery process.
In May 2023, T-Mobile suffered from a major leak that saw the data of 800 customers leak. This included the names of the customers, the devices that they were using and the PIN codes that they used to protect their devices. This wasn’t the first attack that the mobile carrier suffered, as in January T-Mobile discovered a breach that revealed data from over 37 million customers. Such hacks lead to severe customer trust issues and extensive costs, with some people looking for compensation in addition to the further security expenses the business is due to incur.
ChatGPT is one of the most talked about platforms in the world this year, but OpenAI, the developers of ChatGPT, have suffered a cyberattack themselves. A security weakness led to users being able to see the name, payment information, payment address and credit card expiration date for other users of the platform. In the time since OpenAI has added further security measures to prevent this issue from happening again, and has informed all of the affected users of what happened and how they seek to fix the issue.
Activision is one of the largest game publishers in the world, holding data for all of their players across a vast number of games and software platforms. In February, the company suffered an SMS phishing attack that provided an attacker with a wealth of information, including the email addresses, phone numbers and salaries of employees. In addition to this, later investigations found that the hacker had also discovered the company’s release schedule for the year in addition to more sensitive employee information than was previously reported.
Phishing attacks target more than just individuals, with the email platform MailChimp suffering from a data breach thanks to a social engineering attack. Hackers breached the accounts of MailChimp administrators and members of staff, with the accounts then having access to internal support tools. The email client dealt with the issue in a professional manner, locking the accounts and taking time to verify them before reopening them for the users.
Yum Brands, the company that runs KFC, Taco Bell and Pizza Hut, suffered from a cyber attack back in January. The belief is that the only data affected was corporate, referring to company finances, branding and strategies. However, a later investigation found that some internal personal data was part of the leak, whilst there was no evidence of any customer information being impacted. As a result, over 300 locations across the UK temporarily closed whilst the company got a better understanding of the issue.
MCNA Insurance was the victim of a cyber hacking incident that hit 112 entities, with different information being revealed on an individual basis. Some examples of the information lost includes names, email addresses, social security numbers, phone numbers and other identifiable data like driving licence numbers. Almost nine million people were affected by the attack, with the organisation waiting until May to disclose the information after being attacked in February.
Whilst this breach didn’t occur in 2023, it was discovered just this year that in March 2021 a vast amount of information was stolen from Luxottica. The company is known for popular brands including Bay-Ban and Costa, whilst having clients including Giorgio Armani and Versace. Some of the data stolen includes tens of millions of email addresses from clients and a wealth of other information that leaked for free on hacking forums later. Leaks from the database contained customers’ full names, email addresses, home addresses and dates of birth.
Why Protecting Customer Data Matters
Protecting customer data matters for a few reasons, the first of which is regulatory. Authorities across the world are increasingly giving people control over their data, and being the subject of a data leak can lead to significant fines as a result of this. Not only that, but companies have a lot of responsibilities to their data subjects which are best completed by having a secure system. It’s important for businesses to have a data breach response plan in place in case they do suffer a breach.
Aside from that, there can be a lot of reputational damage to an organisation as a result of data leaks. If important information leaves the business, customers can become disillusioned and move away from the company for their future purchases. Word of mouth is still one of the most powerful ways people form their opinions, and this could lead to a business’ prospects going from extremely promising to disappointing in one fell swoop.
Why Choose Eventura as your Cybersecurity Partner?
With over 20 years experience in cybersecurity, we know our stuff. Our team of cybersecurity experts can complete a full audit of your business and identify any areas of weakness, which could leave you vulnerable to cyberattacks.
We were even mentioned in the Governments National Cyber Security Centre (NCSC) Annual Review 2020 when we were chosen to test their “Exercise in a Box” designed to help small businesses prepare and respond to cyberthreats. You can read the article here.
There is a common misconception that cyberattacks don’t happen to SMEs but this couldn’t be further from the truth. With our expert knowledge, we can help you protect your business’s future from the ever increasing threat of cybercriminals.
If you would like to speak to one of our cybersecurity experts or request a cybersecurity audit, you can request a free call back here.