
Data theft was not in the discount aisle


By Brian Cowan

Back in 2014, the supermarket chain Morrisons had the records of 100,000 staff stolen by an employee. This personal data was later published on the internet. In 2015, the culprit, who was working for them as an auditor, was jailed.

Data theft – at what cost?

For the thief, the cost is eight years' imprisonment and a £170,000 fine to be paid to Morrisons. As his motivation was apparently revenge and there was no obvious financial gain, this has been an expensive exercise for him. Data theft has definitely proven costly and his next personal audit will not be enjoyable.

For the supermarket chain, the cost could be much higher, as more than 5,000 of its staff have launched a legal case for compensation from the company. The employees' claim addresses the loss of personal data, risk of identity theft, risk of financial loss and general distress caused by the breach. For them, the data theft could prove very expensive.

If this was post May 2018 and GDPR?

I am including this section to illustrate how EU GDPR could affect corporate risk. It does not reflect the situation at Morrisons today, nor is it intended to add to the media frenzy around GDPR fines. However, consider a very imperfect world where GDPR requirements had been ignored, breach reporting neglected and a 4% fine levied: based on reported turnover in January 2017 of £16.3bn, this would have been a fine of £652m. With pre-tax profits of £325m for the year, the business impact is obvious. Whilst the ICO has stated that GDPR implementation is not a revenue-raising exercise, the threat is there for those who do not act.

Could this data theft have been prevented?

Probably not. The perpetrator had access to the data to do his job and so could extract it easily. Security audits may have flagged something awry but in all likelihood the damage would have been done. The company has prosecuted him and the courts have imposed a strong penalty, both on his liberty and finances. The full financial impact on the company will be determined in the courts.

What can we learn from this data theft?

Firstly, data loss can be expensive for all parties concerned. Where possible, data access should be restricted to authorised users only. Audit mechanisms should be put in place to track access and usage. Monitoring toolkits are available that can track data access and usage, such as those from Varonis and STEALTHbits. These tools give management visibility of how data is being used, whilst also keeping the infrastructure security in view. Active Directory should always be kept clean and up to date for both security and efficiency; both vendors have advanced capabilities in these areas.

GDPR, when implemented, can represent a heavy financial risk to non-compliant organisations. There is no “blueprint” for compliance, but it is important that organisations address the requirements and implement steps to demonstrate good data management processes. The regulation is intended to improve the management of personal information and is likely to become part of the qualification process in supply chains. Further information on planning for GDPR can be found by clicking on the first image below:


16 Oct 2017
