
What is a Data Breach?

In the digital era of big data, cybersecurity becomes more important and urgent every day. And the upcoming implementation of the GDPR law means preparing for the worst is compulsory for all businesses. The past few years have been littered with stories of well-known companies suffering 'data breaches' – but what exactly is a data breach and how can your organisation avoid one?

September 19, 2017

Data breaches are potentially fatal occurrences for businesses – especially for those that provide products or services that require the storage of personal data.

With the looming implementation of the General Data Protection Regulation (GDPR) in May, data breaches are about to become a whole lot scarier for organisations.

So, what exactly is a data breach?

A data breach is the release of confidential information to an unauthorised or untrusted person or environment.

You may remember that in 2017 it was reported that Yahoo suffered a data breach that compromised 3 billion accounts – every Yahoo user was affected by the data leak that was eventually attributed to Russian hackers.

While you may be thinking that all data breaches are done by someone sitting in a dark room with an anonymous IP address, you’d be wrong. Hacking has become an industry with dedicated businesses who have goals to reach and quotas to fulfil. And not every data protection breach is done exclusively behind the screen of a computer. Jamie Woodruff, one of the world’s most famous ‘ethical hackers’, spoke to Eureka about his favourite hack which involved him dressing as a pizza delivery boy to gain physical access to the target business.

Uber is another company that has recently been in the spotlight for all the wrong reasons regarding data leaks. In late 2016, the company realised that it had suffered a data protection breach that left 57 million Uber users and drivers vulnerable. And, instead of quickly informing its affected customers and workers of the breach, it chose to pay $100,000 to the hackers to keep things quiet.

These sorts of occurrences are exactly what the EU’s GDPR law seeks to wipe out.

Organisations that suffer a data breach due to GDPR non-compliance will be fined 2% of their global annual turnover or €20 million (whichever is greater) – one would hope this is enough to scare any organisation into protecting the data of its customers.

One of the requirements of the GDPR is that organisations immediately inform data subjects of any instance of a data breach. This could mean the difference between an organisation suffering or avoiding the huge penalties – provided that the data leak was not due to non-compliance. If a GDPR-compliant organisation suffers a data breach and immediately (within 72 hours) informs the affected data subjects and authorities – and is also able to demonstrate its compliance with the law – the organisation may not suffer the hefty consequences. Organisations will also be required to describe the consequences of the breach.

Protecting against data breaches is no simple task. But there are key actions that should be taken that will provide a basis for a good data protection policy. Encryption measures are always a good place to start, but organisations should also carry out regular tests and audits to ensure that all measures are working properly. The Data Protection Officer (DPO) should constantly review the systems in place and keep a record of such systems so that they can be communicated to the relevant regulatory bodies.
