In a catastrophic week for data privacy, British Airways and MYOB have been publicly outed for data breaches.
British Airways has been slammed with a record $329.33 million AUD fine for compromising the personal information of roughly half a million people last year.
The breach resulted in British Airways’ customers being diverted to a fraudulent site which harvested the details of around 500,000 people.
Just when #GDPR seemed to be a buzzword from last year, this reminder comes along: British Airways faces record £183m fine for data breach https://t.co/tM7zJuhVtp #Cybersecurity #news #cyberthreats #databreach #gdpr #cybersmart
— CyberSmart (@CyberSmartUK) July 8, 2019
Threat group Magecart has since been identified as the culprit.
Details included credit card numbers, expiry dates and CVV codes, names, addresses and travel information.
“People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience,” UK Information Commissioner, Elizabeth Denham, stated.
“That’s why the law is clear – when you are entrusted with personal data you must look after it.”
Meanwhile, MYOB has apologised for a data leak that saw payment summaries sent to the incorrect recipients last month, between 1 June and 28 June.
The online accounting-ware vendor has revealed 220 individual payment summaries were distributed to the wrong people.
“We immediately switched off all outgoing payment summary emails to ensure no further incidents occurred, worked methodically to both rectify the glitch and check the emails in the backlog to ensure no further errors,” MYOB stated.
“A small handful were detected and stopped, while all other payment summary emails have since been released in batches with the final emails to be sent by close of business today.”
MYOB also said it has communicated with customers on how to protect their identities and has offered advice on how to “safely and correctly dispose of the misdirected payment summary emails.”
It has also amended its code to make sure this error doesn’t happen again and is “working closely with the ATO and Office of the Australian Information Commissioner to ensure that all appropriate steps are taken.”
“We are sincerely sorry for the situation,” the statement says, “as well as the frustrations experienced by all our AccountRight Live customers caused by the delay in sending the payment summary emails. We apologise for the inconvenience caused as we know it is a busy time of year for businesses, however we could not take the risk with such sensitive, personal information.”