Data breaches are an ever-present threat to organisations. Despite advances in cybersecurity measures, the number of reported data breaches continues to rise yearly.
So far, 2023 has continued the pattern. As the calendar flipped to February, several data breaches were reported, including those affecting the NHS, Reddit, Arnold Clark, and Pepsi.
Let’s take a closer look at these data breaches and highlight how human error may have contributed to each incident.
NHS
Last month, news broke that thousands of NHS patients had their personal data leaked in a data breach.
The breach was caused by a phishing attack in which an attacker accessed an employee’s email account containing confidential patient information.
The data stolen included patient names, addresses, phone numbers and medical information, as well as diagnoses and treatment details. The attacker then used this information to launch a spear-phishing attack on other NHS employees.
The NHS has confirmed that the breach affected thousands of patients and that it is taking steps to prevent any further attacks.
This breach highlights the need for strong cybersecurity measures, including training for contractors and employees working with sensitive data. It also highlights the importance of regularly reviewing security policies and procedures to minimise the risk of such errors.
Reddit
In another incident, social media giant Reddit suffered a data breach in February 2023 that exposed users’ personal data, including email addresses and passwords.
The breach was caused by a third-party vendor who had access to Reddit’s systems. The attacker was able to gain access to the vendor’s system by using a compromised login.
Reddit quickly detected the breach, immediately reset affected users’ passwords and notified them of the breach.
As with many breaches, the Reddit breach shows just how dangerous a compromised login can be. Alongside maintaining strong vendor management practices and conducting regular security audits, all employees should be trained to build strong, unique passwords for every account.
Arnold Clark
Last month, Arnold Clark, the UK’s largest car dealership, suffered a data breach that exposed customer data. The breach occurred due to a misconfigured server, which allowed unauthorised access to customer data.
The breach was caused by an unsecured database that was left exposed online. It affected over 2 million customers, with data including names, addresses, and vehicle registration details being exposed.
It was discovered by a security researcher who notified Arnold Clark of the vulnerability. Arnold Clark immediately secured the database and notified affected customers.
No financial information was exposed, but the incident shows the importance of properly securing and monitoring databases.
Pepsi
In another incident, Pepsi suffered a data breach in February 2023 that exposed customer data. It was reported that Pepsi Bottling Ventures (PBV), a subsidiary of PepsiCo, suffered a data breach that exposed employee information.
The breach was caused by a malware attack that targeted PBV’s payroll systems. The attacker gained access to employee data, including names, social security numbers, and payroll information.
PBV quickly detected the breach and took immediate action to prevent further damage. This highlights the importance of maintaining up-to-date malware protection and monitoring payroll systems for unusual activity.
What can you learn from these breaches?
The four data breaches that occurred in February 2023 highlight the ongoing importance of maintaining robust security practices in the face of persistent cyber threats.
Organisations must take steps to prevent data breaches by implementing effective security measures, regularly conducting security audits, and training employees to detect and avoid potential attacks.
As technology continues to evolve, the threat of data breaches will continue to grow, making it essential for organisations to remain vigilant and proactive in protecting their sensitive data.
How Bob’s Business can help protect your organisation
With the increasing frequency and sophistication of cyber threats, it’s essential to have proper training and awareness around cybersecurity for all employees in an organisation.
Bob’s Business is an award-winning training provider that offers engaging and interactive e-learning modules, helping organisations of all sizes educate and train their employees on cybersecurity best practices.