Cyber Security News Roundup – 21st August 2023
By Emily Davidson
21 August 2023
Last week's cyber security headlines highlighted the importance of mitigating insider threats - whether malicious or not. To learn more about each story, click the headings.
Norfolk and Suffolk police admit breach involving personal data of 1,230 people
15/8
Following the recent news of data breaches at the Police Service of Northern Ireland and Cumbria Police, two more police forces in England have admitted mishandling the data of victims, witnesses and suspects. The data of 1,230 people involved in cases including domestic abuse incidents, sexual offences, assaults, thefts and hate crimes, was released in files responding to freedom of information (FoI) requests. The Information Commissioner’s Office has placed both forces under formal investigation, with a deputy commissioner saying that these breaches highlight “just how important it is to have robust measures in place to protect personal information”. Depending on the outcome of the ICO investigation, both forces could be facing fines. In a statement, the police confirmed that raw data, including personal identifiable information belonging to the constabularies, had been included in the files, adding that there was no evidence that anyone had clicked on the links to read the files and that FoI request procedures are under continuous review. (The Guardian)
Indies 'in standstill' after cyber attack hits IT supplier
18/8
A cyber attack that targeted fashion retail management solutions provider Swan Retail has resulted in disruption to inventory management, order fulfillment and accounting services. The attack, which took place on the 13th of August, left independent retailers unable to replenish stock or fulfil online orders, with no indication of when the service will come back online. As a result, these independent retailers are now suffering from significant financial consequences, with one retailer quoted as saying that they have lost “thousands of pounds”. Another said that their “business is frozen”, with a warehouse “full to the brim with stock we can't process”. Swan Retail has reported the incident to the National Cyber Security Centre and Action Fraud, and while it is unclear when their systems will return a spokesperson for the company stated that they are “working around the clock to resolve the issue and liaising with law enforcement.” (Drapers)
John Taylor High School shares pupils' exam results in data breach
18/8
“Human error” at John Taylor High School in Barton under Needwood, Staffordshire, has resulted in the A-level grades of “each and every pupil in the sixth form” being distributed to all parents and students at the school. The school, attended by 1600 students, apologised for the breach, reporting it to the Data Protection Officer and recalling the email from students – however, it was unable to do so for parents, and the Information Commissioner’s Office said that it is still waiting for a notice. John Taylor High School has now concluded its internal investigation, stating that measures will be put in place to prevent a reoccurrence. Parents of children in the sixth form have voiced their concern, with one parent saying that “The school has ultimately failed to protect their confidentiality in a fundamental way.” (BBC News)
Tesla's Massive Data Breach in May Affected Over 75,000 People
20/8
Tesla’s May data breach revealed the personal information of over 75,000 people, after 100 gigabytes of confidential data was leaked to German media company Handelsblatt. With the incident blamed on “insider wrongdoing”, employees' names, addresses, cell phone numbers, and email addresses were leaked, with the data set also including thousands of complaints about Tesla’s cars. Tesla stated that two former employees “misappropriated the information in violation of Tesla's IT security and data protection policies and shared it with the media outlet”. Handelsblatt has said that they do not intend to publish the information, with a series of lawsuits from Tesla resulting in devices thought to have contained the information being seized and court orders prohibiting the former employees from further use or access of the data. (Business Insider)
Last week's news headlines highlighted the risk that insider threats, whether malicious or not, can pose to your business. It's critical that your organisation is as protected as possible from all forms of cyber crime, so Contact Celerity to find out how our layered approach to cyber security could protect your business!
Latest resources
It’s time to optimise your virtual machines
Broadcom’s acquisition of VMware has reshaped the virtualisation landscape, marking a major shift- the discontinuation of their perpetual licences in favour of a subscription-based model. This shift potentially means higher costs and new operational hurdles for businesses, prompting many to rethink their virtualisation strategies. With rising costs and shifting licensing models, now is the time […]
Celerity appoints new CFO as it accelerates next growth phase
BGF-backed Celerity, a leading provider of hybrid cloud and IT managed services, has appointed Ed Brookes as Chief Financial Officer (CFO). With a proven track record of driving growth and operational improvement in private equity-backed businesses, Ed’s recruitment will support Celerity through its next growth phases following the announcement of Craig Aston as CEO in […]
Is software asset management recommended in the ITIL?
Software asset management (SAM), where an organisation tracks its software assets throughout their entire lifecycle, is crucial to ensure software is used legally, efficiently, and compliantly with regulations. SAM focuses on helping businesses understand the terms of their software licensing, track and audit licenses to ensure compliance, and negotiate cost efficiencies with vendors.Formally known as […]
