(Photo from : Musings of a Mario Minion)
Another few weeks go by, another seemingly secure, reputable business has a cybersecurity breach. This month Tesco Bank fell prey, £2.5million was drained from around 9,000 current account holders. Tesco Bank moved quickly to refund all customers affected within 48 hours of the account fraud taking place. Normal service, including online transactions, resumed another two days later. So a happy ending for all concerned? In this case, maybe so. Tesco Bank claims no personal data was leaked.
The same can’t be said for the FTSE250 recruitment firm Michael Page. Last week it announced over 700,000 jobseekers using the site had their personal details hacked. Phone numbers, e-mails, and yes even full names were all accessible. There are very real risks to us, as customers, of having our personal data used for malicious purposes. If a criminal uses another person’s identity to commit a crime, the person being impersonated is likely to go through a lengthy criminal investigation process. Similarly, there is a risk that any financial transaction done with your stolen details will make you liable to pay them unless you have solid proof it really wasn’t you.
Blackmail is an issue too. Sure there might not be anything saucy in your full name or home address details. But what of this week’s revelations about AdultFriendFinder? To those unfamiliar with the site, it claims to be the “World’s Largest Sex & Swinger Community”. Over 300million accounts on the site claim to be hacked, with e-mails that could facilitate identification of individuals present for all to see. Extortion followed the 2015 Ashley Madison hack. How much would you pay to keep such usage a secret from your house mates?
It isn’t cheap for the businesses either. TalkTalk had 101,000 customers switching to a competitor in the three months following the hack. The firm attributes 95% of that number to the revelation. So why don’t companies simply invest more in cybersecurity? There is little financial incentive to invest once the bad publicity fades. Last year, a hack exposed the sexual preferences of 3.5 million AdultFriendFinder users and yet the company lives on.
Cyberattacks are one of the top threats to UK economic and national security. Every year the UK government publishes a Cyber Security Breaches Survey. Of the 1,008 businesses surveyed, nearly a quarter detected one or more cyber security breaches in the last 12 months. This reached 65% when taking just large companies.
All this leads one to wonder: How much of our personal details do we give businesses? Ever signed up to a ‘loyalty card’ that required your address? What about saving your debit card details on your favourite train booking site? Appendix II of the University’s Guidelines for Retention of Personal Data states certain personal data may be held by them in perpetuity. Can the details the University has about us really be claimed to be secure? Greater entities have fallen to such delusions.
By Nabeel Alhassan