In recent years, high-profile data breaches have dominated news headlines worldwide. As things currently stand, the ICO can apply fines of up to £500,000 for contraventions of the Data Protection Act 1998. However, once the General Data Protection Regulation (GDPR) comes into force in May 2018, the fines could in fact be a staggering 79 times higher. Smaller incidents will be subject to a maximum fine of either €10 million or 2% of annual global turnover, whilst more serious violations could result in fines of up to €20 million or 4% of annual turnover, whichever is greater. Here we look back on 5 of the most recent high-profile security breaches that could have had shocking penalties had the pending GDPR been applied.
Yahoo (2013 – now)
One of the most infamous breaches was that of Yahoo. Though it is not recent, details relating to the breach are still being revealed to this day. In 2013, Yahoo stated that the breach affected more than 1 billion user accounts, but recently they have stated that in fact all 3 billion users were likely compromised, breaking its own record for the largest ever potential data breach.
CEX Entertainment (2017)
Retail franchise and pre-owned game shop CEX have disclosed that, despite their “robust” security, they have been hit by a substantially large data breach, compromising the information of as many as 2 million customers, including personal details such as name, surname, address and email address. Affected customers have been advised by email to change their passwords as a precautionary measure.
An employee who worked for the private healthcare firm Bupa copied and removed information relating to 547,000 international health insurance plan customers. The company said concerns about the breach were first raised in June and that the data included some contact information as well as names, dates of birth and nationalities, but no financial or medical data. The employee responsible for the breach has since been dismissed.
It’s thought that nearly 250,000 customers of payday loan firm Wonga have been affected by a large breach, with the data involved including bank account numbers and sort codes. As this is a recent breach, Wonga have advised their customers to notify their banks to keep an eye on any unusual behaviour.
TalkTalk have fallen victim to a security breach for the second time within a year, after the details of as many as 21,000 people were unlawfully accessed by an IT company based in India. TalkTalk were previously fined a record £400,000 following a cyberattack in 2015 that led to the personal data of 156,959 customers being stolen, including 15,656 bank account and sort code numbers. Since the breaches, TalkTalk have withdrawn all customer service operations from India.
Other companies and organisations such as Tesco, the NHS, Sports Direct and Three have also faced some serious breaches in the past few years, with hefty fines and disgruntled customers. With GDPR coming into action next year, data protection is becoming a strong anxiety across the UK. If you need guidance and advice on how to become compliant with the GDPR legislation, call the expert Total Group team on 01727 881 224.