Financial data belonging to as many as 42.2m* people in the UK was compromised in data breaches last year, up 1,777% from 2.2m in 2019-20, says RPC, the international law firm.
RPC says the huge spike likely reflects an increase in the amount of data compromised, partly because of a greater number of ransomware attacks. These can potentially involve significant quantities of data being copied at the same time as encrypting the target’s data.
Having taken financial and other information from the target’s system, the criminal gang will threaten to sell this data, or leak it on the dark web, should the target refuse to pay the ransom.
Richard Breavington, Partner at RPC, explains that criminal gangs are doing this, because their blackmail threats over encryption alone are becoming less effective as businesses get better at backing up their systems. But hackers have honed their tactics and added this additional form of blackmail.
RPC says the financial cost to businesses posed by ransomware attacks can be dramatic. This includes not just the cost of the interruption to the business, but the various legal and regulatory ramifications of large amounts of personal data being taken.
Richard Breavington says: “The surprisingly high number of people whose financial data was impacted in the last year shows how cyber-attacks have become endemic.
“Hackers are continually refining their methods, employing ever more complex techniques to extort money in whatever way they can. Some businesses, fearing the potential reputational costs, not to mention other consequences, decide that they will take the last ditch approach of paying the ransom demands.
“As a result, these attacks have become very lucrative for cybercriminals.”
Several large data breaches occurred in the past year, including one involving an airline, which saw nine million customers impacted. In the attack, believed to be one of the largest in the UK, hackers stole data including names, email addresses, travel details and credit card details.
RPC says the figures show how important it is for businesses to take precautions when processing and storing personal data relating to customers and employees. In addition to investing in robust IT security software, businesses should be careful as to where they hold sensitive data and how these files and folders are organised.
Richard Breavington says: “Before carrying out an attack, hackers are increasingly carrying out reconnaissance to scope out protections that are in place, as well as data held by the company. Businesses should not be making their jobs easier by signposting this information.”
*Year-end June 30, may include individuals that had their financial data compromised more than once in completely different and unrelated data breaches.
Based on data provided to the ICO by organisations that have suffered a data breach