TalkTalk announced that it had been the victim of a cyber-attack, unsure how many of its four million customers were affected; a Marks & Spencer “website glitch” meant that customers’ personal information was displayed to other users when they logged into their online accounts; and British Gas revealed that around 2,200 user account details had been posted online – but claimed the leak had not come from the company itself, leading to speculation that a phishing attack may have resulted in credentials being stolen.
While it appears that Marks & Spencer’s breach was a result of internal difficulties, rather than external thieves, it shows just how easily anomalies can occur and, if they aren’t detected, can result in the loss of data.
What is most notable about this spate of breaches is the fact that the cause of each one was different, though the outcome was the same – customer personal data leaked. Furthermore, The Institute of Directors (IoD) has said only “serious breaches” made the headlines, but attacks on British businesses “happen constantly”.
If we take any positives from the TalkTalk, Marks & Spencer and British Gas breaches it should be that they highlight just how critical it is for businesses to have intelligent security strategies in place alongside a robust and solid framework. Each is a high-profile organisation and if they can become a victim, anyone can.
While it may be almost impossible to prevent a breach nowadays, it’s not impossible to limit the damage – but only by taking an intelligent approach to security.
by Henry West