Ashley Madison, an international dating website that connects married people who are looking to have an affair, has been hacked by a group that calls itself the Impact Team. 

The hackers claim to have gained complete access to the site’s database and have made an initial release of 40MB of data, including user credit card details and company financial information. The initial release was accompanied by a manifesto which threatens to release all users’ personal information if the site is not permanently shut down. 

This cyber-attack came only three months after Ashley Madison announced plans for an IPO with a view to raising $200 million on the London Stock Exchange. 

The hackers have specifically objected to Ashley Madison’s full delete service, which charges users £15 ($19) to carry out a “full delete” of their information if they decide to leave the site. The hackers claim that this is misleading and real names and credit card information remain online. 

CYBER RISKS TO UK BUSINESSES

The attacks on Ashley Madison serve as  a warning to all businesses with an online presence. Cyber-attacks are becoming increasingly frequent and can cause a variety of losses to UK business, including: 

  • Claims by data subjects
  • Loss of IP and confidential information
  • Fines by the ICO and other regulators
  • Damage to business and reputation. 

It may seem unfair that a “victim” who is hacked will be liable to the regulators. After all, the hackers are committing a criminal offence. However, there has been a recent increase in enforcement action by the Information Commissioner’s Office (ICO) in relation to hacking incidents and, in 2014, one third of all ICO fines related to cyber-attacks. 

It is not always easy to protect your business against a skilled and determined hacker with an axe to grind, but by following best practice you can reduce the risks of opportunist attacks. Below are four steps that businesses might want to consider: 

KEEP UP TO DATE

Given the rate of technological change, it is important for businesses to ensure that their hardware, software and knowledge of cyber security issues all remain up to date. 

PENETRATION TESTING

A simulated attack will show how vulnerable a target would be to a real attack. 

CERTIFICATION SCHEMES

The UK government’s Cyber Essentials Scheme provides organisations with guidance and accreditation to reduce vulnerability to the most prevalent forms of online threat.

CYBER RISK INSURANCE

Insurance can cover liability to consumers but it may not be possible to insure against the risk of fines or penalties for public policy reasons and insurance will do little to protect you from reputational damage!