The number of data leak instances has increased in the past few years. Businesses face severe damage from data leaks. Most businesses lose their reputation after a data leak, but if the business operates in European territories, there are other herculean compliance obligations as well.
What are Data Leaks?
Data leaks are the unauthorized release of an organization's protected data to external and unauthorized third parties. Data leaks can occur as a result of a hacker attack, the spread of a computer virus, an act by a current or former employee of the organization, or unintentional loss.
As the partnerships between financial services firms flourish, vast troves of valuable consumer data are getting exposed to financial technology companies.
Now, under the European GDPR law, these data breaches are required to be reported to the information commissioner within the stipulated time frame.
Examples of Data Leaks
During two months of 2018, the British Airways website diverted users’ traffic to a hacker website, which resulted in hackers stealing the personal data of more than 400,000 customers. The company had inadequate security mechanisms to prevent such hacking attacks, which resulted in one of the largest fines being imposed on the company. Later, Amazon faced bigger penalties from the Luxembourg data protection authorities.
The most recent data leak came from BlackRock. Earlier this month, the financial institution acknowledged it had inadvertently published the names, email addresses, and other information of 20,000 advisors online. While no sensitive information was made public, industry experts and regulators, notably the SEC, have warned the financial services industry to take extra precautions to secure access to client information.
Biggest Data Breach
The biggest of all the data breaches was faced by Yahoo. Two hackers sent Yahoo! employees a series of spear-phishing emails containing a malware download link. All it took for hackers to gain access to the company’s network was a single click by one staff member. Once they were inside the network, the next target was to find the user database.
Indian Data Breach
State Bank of India, the financial sector leader in India, was mired in controversy after its data servers in Mumbai were found to be accessible to the public. State Bank, which is considered to be one of the best banks, has risk management teams that left its servers exposed and vulnerable to data theft and hackers.
A security researcher found that the data server was not protected by a password or any other kind of security measure. The server was essentially an open book to anyone on the Internet with the right skills to grasp the bank data of millions of people. The security researcher then contacted TechCrunch and gave the publication all the details.
The security researcher was able to track transaction details in real time. Regtech companies that understand the regulatory compliance requirements related to cybersecurity are seen as a booming new area of regtech innovation. GDPR provides an important trigger for regtech companies to design and develop products around the new laws.
These Regulatory Technology (Regtech) companies come up with innovative methods of penetrating the servers of the banks and help the banks in managing the big data of their customers.
It was fortunate that the data was not stolen. According to research published by the forensic accounting firm Indiaforensic, stolen data leads to money laundering in the digital world. There are underground internet marketplaces where this data is traded.
In countries like India, data leakage should not only attract penalties for violation of regulatory reporting norms but should also lead to extensive and additional regulatory requirements from the Reserve Bank of India.