You would think that the bigger the company or corporation, the better their security would be, but that’s not the case. Perhaps it’s because of their sheer size that huge establishments seem to have more data breaches. There are more employees to make mistakes, more documents and devices to protect, and an enormous communication network to monitor.
Not even the Australian Government is immune from security breaches. It was reported that two old filing cabinets bought in a second-hand shop were full of sensitive government documents.
The cabinets were bought by a man for $10 each, and after finding the documents he contacted an ABC journalist. The story ends well with all the top-secret files being returned to the government, but not before many were leaked to the public. It was a serious security breach caused by human error, and it could have been disastrous for a lot of people.
Here are some other infamous and major security breaches:
In 2011, group discount site, Catch of the Day, was hacked and personal details and credit card information was stolen. It wasn’t until 2014 that customers were told about the security breach by email, a month after the OAIC was informed.
In 2013, during the Christmas shopping frenzy, American department store, Target, revealed that credit and debit information for 40 million customers had been stolen. They later owned up to compromising the email addresses and home addresses of another 70 million customers.
An internal review showed that Target had failed to notice the security breach for some time. It has so far cost the corporation over $202 million in legal fees and restitution.
In 2016, Uber covered up a data breach that affected 600,000 drivers. Their license details and personal information was compromised, and the names, email addresses and mobile phone numbers of 57 million customers were exposed.
The drivers were offered free credit monitoring protection, but nothing was offered to the affected customers, not even an apology.
In 2013, 3 billion Yahoo email users had their information compromised. While Yahoo took action to protect all accounts, they kept quiet on the breach until the middle of 2016.
With the Notifiable Data Breaches scheme, which came into force on 22nd February 2018, comes a spate of reported data breaches that, quite possibly, would have been kept quiet. Under the new law, entities with an obligation to secure personal information under the Privacy Act 1988 must notify individuals, and the OAIC, when personal data is involved in a security breach.
Of the organisations reporting data breaches, 24 percent were in the health care industry. Human error was responsible for 51 percent of the breaches, and 44 percent was due to malicious cyber-attacks.
It’s clear that many security breaches are caused by human error, and not being vigilant about keeping documents and devices containing sensitive information private. Data breaches often occur when old documents and devices aren’t destroyed properly. In Confidence provides secure document destruction in Melbourne, with a certificate of destruction issued to your company to ensure confidentiality. Call 1300 723 187, or contact us online.