Recently payday lender Wonga suffered a monumental data breach with personal details from hundreds of thousands of accounts likely to have been illegally accessed. More than a quarter of a million customers have since been warned that their personal data may have been stolen.
This is yet another substantial attack. This comes on top of the recent hugely damaging attacks on a number of well-known UK brands including Tesco Bank and telecoms provider Three.
The UK’s Information Commissioner’s Office (ICO) in recent times has been getting harsher with companies for security failings, specifically where that allowed a cyber attacker to access customer data.
In the case of Three it has experienced multiple breaches. In late 2016 three men were arrested after they accessed the personal data of thousands of the company’s customers, including names and addresses. The attackers used authorised logins to Three’s database of customers eligible for an upgraded handset and the customer information from more than 133,000 users was compromised in the incident.
Wonga is also likely to feel the wrath of the ICO’s power very soon given the size of the breach that has occurred. These cyberattacks are part of a growing trend of attacks on consumer-facing organisations.
With the growth in size and frequency of attacks it is imperative for businesses to protect themselves, especially with new European laws coming into force in 2017. Companies should feel more inclined to consider security precautions as a priority, but crucially, by giving cybersecurity the attention it deserves and investing in well-managed security controls, damage control won’t be necessary.
Organisations also have a responsibility to invest in well-managed security tools, which have controls designed to prevent, detect, contain and remediate data breaches. Furthermore, organisations should take care to share simple safeguarding techniques amongst employees and make sure that they are educated around the type of attacks to expect, however ultimately, protection systems need to be put in place to keep hackers out.