by Alessandro Piva and Giorgia Dragoni, Information Security & Privacy Observatory
In recent weeks, data breach reports from organizations that have suffered security violations have increased. Let’s find out why this is primarily due to the introduction of the GDPR (the new General Data Protection Regulation).
Famous Data Breach cases
July 18, 2018: reports emerged that Movistar, one of Spain’s major telco operators, had been subject to a security breach caused by a weakness in its IT systems. The personal data of millions of customers was accidentally exposed online to anyone with basic technical expertise. Due to a malfunction related to dynamic addresses (URLs), it was possible to collect personal information regarding every Movistar customer by simply editing some parameters manually.
The Movistar case, however, is not the only data breach event to have occurred in recent weeks. Lately there has been news of security violations on a nearly daily basis, and they are increasing at a phenomenal rate. To mention just a few examples, here are some recent cases:
- LabCorp, an American medical diagnostics company, which on the 16th of July announced it was looking into “suspicious activities” that could have put the health data of thousands of patients at risk;
- Adidas, which communicated on the 29th of June that it had been subject to a breach that exposed contact information and passwords of several million customers of the American online store;
- NHS, the UK National Health Service, which has been subject to a data breach and as a result exposed the personal information of millions of patients.
Data Breach and GDPR
Though the increase in news of this kind is alarming, it represents the first evidence of the consequences of the GDPR era. With the effective enforcement of the new data protection regulation, it has become mandatory to inform the authorities in the event of loss or breach of personal information within 72 hours from disclosure.
As early as 2017, research conducted by the Information Security & Privacy Observatory highlighted a considerable increase in businesses’ awareness of data protection, attributable to the GDPR. The gradual increase in reports and news of potential breaches confirms that the issue has reached the highest level of attention ever. The General Data Protection Regulation is already producing results: for companies it is an opportunity to stimulate investments, to design new roles within organizations, and to implement new tools and methodologies capable of enabling a secure digital transformation, which affects each and every one of us, both as consumers and professional users.