Cyber Security News Roundup – 21st August 2023

Last week's cyber security headlines highlighted the importance of mitigating insider threats - whether malicious or not. To learn more about each story, click the headings.

Norfolk and Suffolk police admit breach involving personal data of 1,230 people

15/8

Following the recent news of data breaches at the Police Service of Northern Ireland and Cumbria Police, two more police forces in England have admitted mishandling the data of victims, witnesses and suspects. The data of 1,230 people involved in cases including domestic abuse incidents, sexual offences, assaults, thefts and hate crimes, was released in files responding to freedom of information (FoI) requests. The Information Commissioner’s Office has placed both forces under formal investigation, with a deputy commissioner saying that these breaches highlight “just how important it is to have robust measures in place to protect personal information”. Depending on the outcome of the ICO investigation, both forces could be facing fines. In a statement, the police confirmed that raw data, including personal identifiable information belonging to the constabularies, had been included in the files, adding that there was no evidence that anyone had clicked on the links to read the files and that FoI request procedures are under continuous review. (The Guardian)

Indies 'in standstill' after cyber attack hits IT supplier

18/8

A cyber attack that targeted fashion retail management solutions provider Swan Retail has resulted in disruption to  inventory management, order fulfillment and accounting services. The attack, which took place on the 13^th of August, left independent retailers unable to replenish stock or fulfil online orders, with no indication of when the service will come back online. As a result, these independent retailers are now suffering from significant financial consequences, with one retailer quoted as saying that they have lost “thousands of pounds”. Another said that their “business is frozen”, with a warehouse “full to the brim with stock we can't process”. Swan Retail has reported the incident to the National Cyber Security Centre and Action Fraud, and while it is unclear when their systems will return a spokesperson for the company stated that they are “working around the clock to resolve the issue and liaising with law enforcement.” (Drapers)

John Taylor High School shares pupils' exam results in data breach

18/8

“Human error” at John Taylor High School in Barton under Needwood, Staffordshire, has resulted in the A-level grades of “each and every pupil in the sixth form” being distributed to all parents and students at the school. The school, attended by 1600 students, apologised for the breach, reporting it to the Data Protection Officer and recalling the email from students – however, it was unable to do so for parents, and the Information Commissioner’s Office said that it is still waiting for a notice. John Taylor High School has now concluded its internal investigation, stating that measures will be put in place to prevent a reoccurrence. Parents of children in the sixth form have voiced their concern, with one parent saying that “The school has ultimately failed to protect their confidentiality in a fundamental way.” (BBC News)

Tesla's Massive Data Breach in May Affected Over 75,000 People

20/8

Tesla’s May data breach revealed the personal information of over 75,000 people, after 100 gigabytes of confidential data was leaked to German media company Handelsblatt. With the incident blamed on “insider wrongdoing”,  employees' names, addresses, cell phone numbers, and email addresses were leaked, with the data set also including thousands of complaints about Tesla’s cars. Tesla stated that two former employees “misappropriated the information in violation of Tesla's IT security and data protection policies and shared it with the media outlet”. Handelsblatt has said that they do not intend to publish the information, with a series of lawsuits from Tesla resulting in devices thought to have contained the information being seized and court orders prohibiting the former employees from further use or access of the data. (Business Insider)

Last week's news headlines highlighted the risk that insider threats, whether malicious or not, can pose to your business. It's critical that your organisation is as protected as possible from all forms of cyber crime, so Contact Celerity to find out how our layered approach to cyber security could protect your business!