It has recently been revealed that two more popular British organisations have fallen victim to damaging data breaches, following the sophisticated attack on TalkTalk earlier this year.
It has been estimated that supermarket chain Morrisons will be forced to pay out £2 million to its staff, after the biggest breach of employee data in British corporate history! The shocking data breach is believed to have affected 100,000 staff in total and was caused by an unhappy internal auditor, following a disciplinary action raised against him. The accused accessed staff’s salaries, NI numbers, dates of birth and bank account details, all of which were sent to newspapers and uploaded onto data-sharing websites. Morrisons employees now face a real risk of identity theft, and it is the employer’s responsibility to rectify this: when employers are given the personal details of staff, it is their responsibility and duty to look after them.
Another household name that recently experienced a cyber attack is JD Wetherspoon, where more than 650,000 customers’ personal details were stolen. Those affected had their information (including names, dates of birth, email addresses and mobile phone numbers) hacked from the company’s database. However, Wetherspoon have confirmed that “extremely limited” debit and credit card details were stolen for just 100 customers who had purchased online gift vouchers before August 2014.
As well as this cyber attack affecting customers, it also posed a risk to staff. Those who had their details registered before November 2011 also had their personal details poached, although it has been confirmed that no salary, bank, tax or national insurance information was involved in this part of the system hack.
John Hutson, Chief Executive at Wetherspoon, released an apology to the staff and customers affected:
“Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence.”
The 2014 Information Security Breaches Survey from the Department for Business Innovation & Skills confirms that in 2014, 81% of large organisations and 60% of SMEs experienced damaging data breaches. Checks and measures within the internationally recognised Security Management Standard, ISO 27001, will ensure you avoid being a part of the 77% of small businesses who do not have a formally written internet security policy for employees to understand and follow.
ISO 27001 enables organisations to formalise and verify that risks are identified and managed, whilst demonstrating that they are serious about keeping their clients’ and staff’s information safe. 40% of small businesses are without a contingency plan, so if you should incur a loss of data, creating an ISO 27001 Information Security Management System can ensure you are prepared.
- Three quarters of data breach incidents result from human error
- 85% of data breaches occur at small business level
- 31% of all cyber attacks occur at companies with fewer than 250 employees
- 41% of small business owners do not have any data security protocols in place
- 60% of small businesses will shut down following a cyber attack