IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more
In-depth

Lessons to learn from a year of data breaches

In the year since the HMRC data breach, many more have been made public – here’s a roundup of 11 lessons (we should have) learned.

It was the data breach that kicked it all off a year ago this week, the government admitted HM Revenue and Customs had lost two discs containing records on 20 million people.

The tax body had dumped data on a third of the population including children onto a pair of unencrypted discs and sent them off with a courier, not once, but twice.

In the uproar that followed, more and more stories about data breaches in the public and private sector began to be noticed and reported. Indeed, since the mess at HMRC, some 277 such mishaps have been reported to data watchdogs at the Information Commissioner's Office (ICO). Lost USB drives, stolen laptops and even papers left on a train have left millions of people in this country open to identity theft and fraud not to mention, a bit pissed off.

The government responded with amusingly ignorant debates in Parliament and massive reports two were released in one day offering reams of advice on how to avoid another HMRC.

But it's not exactly rocket science, now is it? In case you haven't been paying attention, we've gathered up the top 10 lessons to be learned from this year of data breaches.

Lesson One: The public wants to know about data breachesIt's no surprise newspapers jumped all over the HMRC incident. Uncovering a massive government error, caused by funding cuts and incompetence, is the stuff of happy dreams for journalists trust us on this one.

The tale of millions of records including banking details going missing because of such complete and utter foolishness didn't sit well with the public at all. And it shouldn't. Everyone affected faces identity theft and fraud because of incidents like this one; phishing attacks based on the HMRC debacle have already occurred, and those didn't even require the discs to fall into the hands of criminals.

So HMRC became a watershed. The odd big data breach was covered by the press before last November, but usually only if the story was connected to a large fine. Now, every lost laptop or misplaced memory stick was cause for a headline and outrage. The public you, me and everyone else had learned that poor data management could hurt them.

Unsurprisingly then, people have started calling for data breach notification laws. Companies are not legally required to tell their customers and citizens when data goes missing, but surveys have suggested the general public want such legislation, even if IT directors aren't so enthusiastic. Lesson Two: People can be sackedIt's something many people have called for over the past year someone to be held responsible for data losses. While the head of HMRC Paul Gray did step down after the breach, it was also for overall organizational concerns, which were certainly highlighted by the breach, but not the only symptom of troubles at the tax body.

But since then, laptops and USBs and discs have disappeared, and no one has been publicly sacked except in one case, involving Colchester Hospital.

Featured Resources

AI for customer service

IBM Watson Assistant solves customer problems the first time

View now

Solve cyber resilience challenges with storage solutions

Fundamental capabilities of cyber-resilient IT infrastructure

Free Download

IBM FlashSystem 5000 and 5200 for mid-market enterprises

Manage rapid data growth within limited IT budgets

Free download

Leverage automated APM to accelerate CI/CD and boost application performance

Constant change to meet fast-evolving application functionality

Free Download

Recommended

ICO: The public sector isn’t getting 'an easier ride' with GDPR penalties
Policy & legislation

ICO: The public sector isn’t getting 'an easier ride' with GDPR penalties

23 Nov 2022
ICO crackdown on AI recruitment part of three-year vision to save businesses £100 million
data protection

ICO crackdown on AI recruitment part of three-year vision to save businesses £100 million

14 Jul 2022
Cabinet Office fined £500,000 for New Year Honours data leak
data breaches

Cabinet Office fined £500,000 for New Year Honours data leak

3 Dec 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022
Windows users now able to run Linux apps and distros natively
Microsoft Windows

Windows users now able to run Linux apps and distros natively

24 Nov 2022