It has been a month since the Notifiable Data Breach Scheme came into effect on 22 February 2018, and at least one major data breach has occurred in Australia since the scheme began.
This breach occurred at a shipping company whose emails were secretly and automatically forwarded to two external accounts over a period of 10 months. This company had to notify the Office of the Australian Information Commissioner as the breach:
• Contained information that was likely to cause serious harm to individuals
• Occurred in a business that was covered by the Privacy Act 1988
If you are not sure what the notifiable data breach scheme is and who it affects, please click here.
The breach was only detected after the emails began to bounce back, which shows that it could have continued for much longer had this not happened. The emails contained sensitive information about 400 of their 1000 employees, including superannuation details, tax file numbers and even their next of kin details. These employees have now been notified, and the company is now reviewing the breach to determine the full extent of the data stolen. It is yet to be determined whether this company will face a fine for the breach.
Although this next story did not take place in Australia, it is still relevant to data breaches and how they can affect your company. Yahoo in the United States has been ordered by a federal judge to face a lawsuit over a data breach that has been claimed to affect all three billion of their users. This occurred over a series of data breaches between 2013 and 2016, and it is alleged that Yahoo took too long to disclose information, which increased the risk of identity theft occurring. This data theft was revealed after Verizon agreed to buy Yahoo’s Internet business but led to a dramatic decrease in the value of the company. This shows that after a data breach a company can not only be fined, but also be held liable in court and lose a significant amount of its value.
As you can see from these news articles, it is important to have both strong security and effective data breach response plans in place so that if a breach does occur, it can be recognised quickly, and the effects can be limited to lessen the risk to your business. Using a managed service provider can be a great way to quickly gain expertise in IT to lower your risk of a data breach occurring.
Click here to download a document from the Australian Government which outlines how data breaches should be reported if they occur in your business.
If you think your business could be better prepared for a data breach, download our Notifiable Data Breach Response Plan Checklist here to see which areas of your IT security need work.