28 October 2018

IRM Weekly Cybersecurity Roundup: Data breaches at Morrisons, Facebook and Yahoo and more

Each week, IRM gathers up what we think are the most interesting and important reads from the cybersecurity industry. The weekly roundup will often include good and bad examples of cybersecurity practice and thought pieces from across the globe – all summarised in one handy place for your regular news top-up.

Morrisons, Facebook and Yahoo face fines for data breaches


Following separate data breaches, these three big organisations are each facing payouts.

Morrisons staff are likely to receive a payout after the supermarket had a data leak in 2014 which exposed the personal and payroll information of over 100,000 staff.

Facebook, who faced trouble for serious breaches of data protection law between 2007 and 2014, has been told to pay £500,000. Facebook processed personal information of its users unfairly by allowing developers to access information without consent. This information was also not stored securely, meaning that the data was harvested and shared with a number of organisations for political campaigning. The fine given is the maximum amount possible under pre-GDPR legislation.

Finally, Yahoo are facing a £50 million fine in what is being called the “biggest ever data breach”. Three billion Yahoo user accounts were affected in the 2013 data breach when names, emails, phone numbers, birth dates and security answers were stolen. After taking three years to disclose full details of the breach, Yahoo now face one of the largest fines to date.

You can read more by clicking on the individual URLs above.

The most advanced malware ever seen created by the Russian Government

According to researchers, Russian Government-backed hackers are responsible for the “Triton” malware attack on a Saudi Arabian petrochemical plant in 2017. The attack was designed to shut down the plant’s operations and trigger an explosion, and followed previous attacks aimed at wiping systems and sending political messages. The group named as being responsible is the Central Scientific Research Institute of Chemistry and Mechanics, an institution located in Moscow.

Read more about it here.

Another airline hit by data breach: Cathay Pacific

The Hong Kong airline, Cathay Pacific, announced that it has suffered a data leak affecting 9.4 million customers. Personal information including passport numbers, identity card numbers, email addresses and credit card details has been accessed.

With financial problems already in play after announcing its first annual loss after seven decades, the airline has not mentioned any compensation for customers.

You can read more here.

Is autism an asset to UK cybersecurity?

With only 16% of autistic adults in full-time work, the New Statesman highlights that, whilst those with autism can struggle with certain social situations, they have a talent for problem solving and pattern spotting. With this in mind, there is a solid crossover between autistic talent and the skills required to work in the cybersecurity industry. The Department for Digital, Culture, Media and Sport launched a six-month pilot aimed at boosting the number of women and people with neurodiverse conditions in the industry.

With other organisations such as GCHQ proudly celebrating their neurodiversity and staff on the autism spectrum, many are starting to recognise that the crossover could help to close the ‘cyber skills gap’ in the UK. Some businesses are concerned about the extra training and resource that would need to be invested to support autistic staff. Others argue there are other benefits, such as loyalty, which make them great employees.

You can read more here.

British Airways attack bigger than first thought

On Thursday, it was revealed that British Airways’ recent cyber-attack affected 185,000 more customers than first thought. The information taken is thought to include payment card billing addresses, emails, card numbers, expiry dates and CVVs. Whilst British Airways state that they “do not have conclusive evidence that the data was removed from its systems”, customers are taking precautions by cancelling cards and an investigation is ongoing.

You can read more here.
