Cost of data breaches increasing
According to a study released last week, the cost of data breaches is rising for companies around the world. The study by research organisation Ponemon Institute revealed that the total average cost of a data breach is now USD 3.8 million or about USD 154 per record lost or stolen. The costs include fixing the breach, investigating the cause, setting up hotlines for customers and providing credit monitoring to those affected. These costs are then compounded by lost business due to customers’ wariness after a breach. In the UK, the average cost of the worst breaches is between GBP 1.4 - 3.14 million according to a separate survey conducted by PwC; representing an increase of over 200% from last year.
Data stolen during cyber-attack on German Bundestag
A spokesperson for Germany’s Bundestag, the lower house of parliament, has this week confirmed that hackers managed to steal data during a cyber-attack two weeks ago. The hackers managed to gain access to the Bundestag’s internal server, reportedly using so-called Trojan viruses to launch an unprecedented attack. Days prior, there had been reports that government IT experts had noticed previous attempts to access the server.
Dutch approve mandatory breach disclosure
The Dutch Senate has approved the Bill on Data Breach Notifications, amending the Dutch Data Protection Act to include new mandatory notification of security breaches of personal data for all data controllers in the Netherlands. Failure to notify is subject to the newly introduced fine of a maximum of EUR 810,000 or 10% of the company’s annual net turnover per violation, which could include global revenues. Although it is not yet known when this Bill will come into force, it is thought that the Dutch Parliament has approved these changes in line with the forthcoming EU Data Protection Regulation.
Heartland Payment Systems suffers data breach
On 8 May, Heartland Payment Systems suffered a break in at their Californian offices in which thieves made off with a large number of computers and other materials. It has not yet been revealed how many clients have been affected by the theft but it is reported that the systems that were stolen were not encrypted. This data breach comes after Heartland made a breach warranty promise to its merchants in January 2015, following the massive data breach it suffered in 2008. Heartland has issued a breach notification stating that it is working with state and federal regulatory and law enforcement agencies.
Over 1 million Japanese pension records leaked in cyber-attack
Last week an employee of Japan’s pension service opened an email containing a virus, triggering the release of about 1.25 million personal records, including pensioners’ names, account numbers, birth dates and addresses, to the unknown perpetrators. The affected computer has been isolated and it has been reported that there is no evidence that the core computer system, which tracks pensioner’s work and financial history, has been affected. The pension service, the world’s biggest, admitted to losing 50 million pension records in 2007.
Australian Privacy Commission to investigate Woolworths
The Office of the Australian Information Commissioner (OAIC) has issued a statement to advise customers that it is aware of reports that retail giant Woolworths allegedly emailed gift card details to a large number of customers. It is reported that the data breach affected customers who purchased vouchers from the online site Groupon; and the email contained information allowing recipients to spend money online. It is thought that the retailer has had to cancel over AUD 1 million worth of shopping vouchers as a result. The OAIC has approached Woolworths for further information.