Cyber Security Incidents of 2020

Today we take a look at some of the most significant cybersecurity incidents of 2020, their impact, and the steps your organisation can take to protect itself.

Cybersecurity in the UK

According to ITpro.co.uk, 2020 was the busiest year on record for cyberattacks against UK firms, with a 20% rise against 2019 (exactly 686,961 according to specialist internet service provider ISP beaming). The damage of cyber attacks can be devastating. In the UK, the average cost of a data breach has grown to nearly £2.7 million, according to IBM research, and the reputational harm can be incalculable.

Why has cybercrime increased?

Due to the Coronavirus lockdown, employees need to work from home where possible. Companies were compelled to invest in online tools and software for their staff’s well-being and survival without fully understanding the risks and vulnerabilities (or perhaps not taking them seriously enough or not having the funds to invest in cybersecurity). 

Top cybersecurity incidents 2020

The top cybersecurity incidents of 2020 include:

Tesco Clubcard

In the Tesco breach, fraudsters used usernames & passwords, taken from leaks on other sites, to access Clubcard accounts. The fraudsters could have been successful spending points or vouchers, leading to:

  • Tesco being forced to issue 600,000 new Clubcard loyalty cards
  • Clubcard holders being asked to reset their passwords

The types of breaches can be prevented by introducing two-factor authentication. Users need to take some ownership and get clued up on secure password management and refrain from using the same password across multiple accounts. 

Virgin Media

Virgin Media left a marketing database open for ten months, which saw 900,000 people’s personal details being accessed. The consequences for Virgin Media included:

  • Having to inform the Information Commissioner’s Office of the breach
  • Reputational damage from the Financial Times reporting of the incident

The incident could have been avoided if the database was correctly configured.

Boots

Boots Advantage Card suffered an attempted cyber-attack, using stolen passwords to compromise user’s accounts. Boots was

  • Forced to suspend loyalty card payments temporarily 

The Boots incident once again demonstrates the importance of user’s not using the same username and password for multiple accounts.

Avon

A misconfigured cloud server at Avon allowed 19 million records to be leaked, including personal information. The damage to Avon included

  • Exposing the company to ransomware attacks
  • Some services and operations were interrupted, which may have been caused by the leak

These types of incidents can be prevented by encrypting databases and adding password protection.

Oracle and Salesforce

Oracle and Salesforce use third-party cookies for mass surveillance of internet users and ad tracking to carry out real-time ad auction bidding. Litigation argues that the process is not compliant with EU laws that govern personal data use without the person’s consent. Oracle and Salesforce are subject to:

  • Collective claims that exceed 10 billion Euros

This type of litigation can be prevented by ensuring GDPR compliance.

How companies can protect themselves against cyber attacks

Companies can protect themselves against cyber attacks and ransomware through penetration testing. Pen testing from Omnicyber Security discovers vulnerabilities in your network and apps, so these can be addressed.

How companies can ensure compliance

Omnicyber Security can help your business protect its sensitive and confidential personal data and ensure GDPR compliance. Contact us to learn more about the full range of services we provide.

Contact us

Related Articles

encryption

What does Salting the hash mean (is it effective?)

Passwords are the cornerstone of security, preventing unauthorised access to your network, applications, and customer accounts. The challenges of password security include storing them. If you store passwords in a database as plain text, anyone who gains access to the database can read them, just like the words in this explainer. Salting the hash is a technique that protects against this vulnerability.

Find Out More