U.S. companies are not the only ones subject to data breaches. The problem is global, and to underscore that point, we note that a U.K. telecom company named TalkTalk was fined a record high £400,000 on Wednesday for lax security that led to the theft of personal data for about 157,000 of its customers. The stolen data included bank account numbers, birth dates and addresses.
The attack on TalkTalk ultimately cost the company about 100,000 customers, and first-quarter pretax profits dropped from £32 million in the same quarter of last year to £14 million.
Elizabeth Denham, head of the U.K.’s Information Commissioner’s Office, said of the fine:
“TalkTalk’s failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk’s systems with ease.
“Yes, hacking is wrong, but that is not an excuse for companies to abdicate their security obligations.
“TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action.”
A British security expert was less impressed, according to a report in The Independent:
“Even by factoring in the reported numbers of 157,000 personal details and, of those, the 16,000 who had bank details stolen, it still only equates to £2.50 per head or £25 per person who lost banking data. The fine seems to be ‘proportionate’ to the impact, but shows little regard for the possible risks and lack of due diligence of a company with four million subscribers.”
The latest data breach count from the Identity Theft Resource Center (ITRC) reports that there have been 725 data breaches recorded this year through October 4, 2016, and that more than 29 million records have been exposed since the beginning of the year. The total number of reported breaches increased by 13 since ITRC’s last report on September 27.
The number of breaches in 2015 totaled 781, just two shy of the record 783 breaches that ITRC tracked in 2014. The 725 data breaches reported so far for 2016 are more than 16% above the number reported (623) for the same period last year. A total of more than 169 million records were exposed in 2015.
Here’s a rundown of the latest ITRC report:
- The medical/health care sector leads all sectors in the number of records compromised to date in 2016. The sector has posted 36.6% (265) of all data breaches to date this year. The number of records exposed in these breaches totaled nearly 14 million, or about 47.8% of the total so far in 2016.
- The government/military sector has suffered 54 data breaches so far this year, representing about 42.1% of the total number of records exposed and 7.4% of the incidents. More than 12 million records have been compromised in the government/military sector to date in 2016.
- The business sector accounts for more than 2.5 million exposed records in 312 incidents. That represents 43% of the incidents and 8.7% of the exposed records.
- The number of banking/credit/financial breaches totals 26 for the year to date and involves more than 25,000 records, some 3.6% of the total number of breaches and about 0.1% of the records exposed.
- The educational sector has seen 68 data breaches in 2016. The sector accounts for 9.4% of all breaches for the year and more than 400,000 exposed records, about 1.4% of the total so far this year.
Since beginning to track data breaches in 2005, ITRC had counted 6,535 breaches through October 4, 2016, involving more than 880.5 million records.