<img alt="" src="https://secure.refl3alea.com/149779.png" style="display:none;">
LEGAL IT BLOG

Recommended Blogs

  • Cyber security and technology for the innovative legal organisation

    The legal sector has been innovating through the intelligent deployment of technology and IT in the last decade.  

    Read More
  • Latest legal cyber security threats

    Cyber crime is absolutely everywhere now and the legal profession is at particular risk from being targeted. That’s ...

    Read More
  • UK business cybersecurity – in numbers

    First the good news – according to the Department for Digital, Culture, Media & Sport, the number of cyber attacks on ...

    Read More
  • GDPR – where we are with it right now?

    The GDPR became law on the 25th May 2018 across all member states of the European Union. Where we are with it right now ...

    Read More
  • The latest innovations in legal tech

    Solictors’ practices and barristers’ chambers are continuing their multi-year embrace of new technology as they seek to ...

    Read More
Biggest cybersecurity breaches of 2018 and what to look out for in 2019
BY Fiona Hamilton

For a number of years, there has been an open battle between cybercriminals interested in stealing personal and financial data from companies holding that information and security firms who want to protect that information from ever being exposed.

 

 

It’s a war fought on a global scale and, given the rewards on offer for both the cyber-attackers and the companies trying to stop them, there’s no evidence that the war will stop anytime soon.

 

There were some major data breaches in the UK and around the world in 2018 and we report on five of the most remarkable in this article. We then look at what might be in store in 2019 and how best to protect your practice or chambers from attack.

 

 

British Airways 

In September, hundreds of thousands of BA customers’ personal and financial data was stolen after a particularly sophisticated hack which stretched out over two weeks.

 

380,000 payments were “compromised” prompting the airline to take out a full-page ad in the Metro newspaper apologising for the incident.

 

 

Ticketmaster

 

40,000 customers were affected by a breach of online concert ticket seller Ticketmaster in June. The breach occurred as a result of a malware attack on a third-party vendor (Inbenta) used by the company. On discovering the problem, Inbenta’s software was withdrawn from use on Ticketmaster’s network of European sites.

 

5% of its users were affected by the breach – information stolen included users’ names, telephone numbers, email addresses, postal addresses, log-in details, and payment details.

 

The company promised to compensate all users for any loss and offered them a free 12-month identity monitoring service allowing them to detect any unusual financial activity against their name.

 

In a first since the introduction of GDPR, Hayes Connor launched a class-action law suit against the company on behalf of the victims. Hayes Connor admitted that it was likely that Ticketmaster might be fined by the ICO but that would not in any way financially compensate users for any losses or distress caused by the breach.

 

 

Facebook 

It’s not been a good year for Facebook. As 2018 came to a close, there were many opinion pieces floating around the internet and in the national press arguing for a break-up of Facebook because it was too dominant and it did not use that dominance responsibly.

 

In October, the company revealed that 30 million of its users had been affected by a “massive hack” and that the FBI had asked the company not to reveal who the perpetrator of the attack might be. Information stolen included users’ locations, dates of birth, recent searches, and information on their relationships. Business Insider listed a comprehensive run-down of the person information stolen by the hackers.

 

 

Dixons Carphone 

Last year, Dixons Carphone, the parent company of Currys, PC World, and Carphone Warehouse among others, reported a data breach from summer 2017 last year thought initially to affect 1.2 million customer records. The hack was part of an attempt to access the financial details contained on 5.9 million cards in the processing systems of the business, according to TechWorld.

 

The retailer informed the Information Commissioner’s Office even though there had been no evidence of fraud as a result of the attack on its systems. Later, the company revised its estimate of the number of affected customers up to 10 million, a substantial rise on its initial assumption.

 

 

Equifax 

In September, Equifax was fined £500,000 by the Information Commissioner’s Office relating to a cyber-attack that affected 15m people in the UK. It was part of a worldwide attack which involved over 146m consumers around the world.

 

The company was warned by the US government about a “critical vulnerability” in its cyber-security systems by the US government in March 2017 but, according to the ICO report, it did not act upon the issues raised and this led, eventually, to the breach.

 

 

What’s to come in 2019 

To date, the ICO has only acted against one firm after the introduction of GDPR. We were among many companies which predicted that the regulator would not be particularly punitive in its approach in the immediate aftermath of GDPR – and we were right.

 

In 2019, we think the regulator is likely to become far more proactive and aggressive in its approach to GDPR and data security compliance. Quoted on the CSO website, senior staff writer J.M. Porup believes that “(e)nforcement is going to be harsh beginning in the first half of 2019. Companies engaged in surveillance capitalism, like Google and Facebook, are in for a rough few years."

 

We’ve written about multi-factor authentication before and it’s a core part of Sprout IT’s service offering to clients. Computer Weekly columnist Corey Nachreiner (Waterguard Technologies) calls on all businesses large and small to embrace it in 2019, calling the solution “much easier and less expensive” than other security alternatives.

 

 

Protecting your practice or chambers 

Sprout IT works with legal firms across the UK providing the latest cybersecurity to protect client’s information and the reputations of our customers. To speak with one of our team about mitigating the threat from cybercrime and data breaches, call us today on 020 7036 8530 or email us. To read more about cyber security news and legal IT technology publications, follow our Legal IT & Technology blog. 

 

Cyber Security cyber threat cyber resilience cyber security technology