Data breaches are becoming more common than ever in Ireland and the cost of repairing the damage isn’t getting any cheaper for small to medium sized businesses. The cost to businesses for a record lost or stolen as a result of a data breach amounts to more than €100 per document, as stated by a study conducted by IBM and Ponemon Institute.
According to the Irish Times, the mobile parking operator, Parkbytext have confirmed that their information accounts have been affected by malicious software, as a result of a service outage on Friday, July 28th.
Information including “account details for car registration, mobile number, email, and proof of address and licence” may have been breached after malicious software entered Parkbytext’s computer servers.
Customers were informed about the incident earlier this week by email. However, they have yet to be informed whether their sensitive data was compromised by the potential Data breaches.
According to Parkbytext, account passwords and credit/debit card details were perfectly secured by encryption and thus was had no way of being affected by the cyber-attack.
Parkbytext has begun its investigation process into the incident and will update customers after a report is released on Friday.
A spokeswoman for the Data Protection Commissioner said Parkbytext had alerted the office of the potential data breaches in line with the commissioner’s code of conduct and that an investigation had commenced and is correctly on going. According to the commissioner’s office, Parkbytext is obliged to keep personal data protected and secured. They are also responsible for alerting customers when the security of personal and sensitive data has been jeopardized.
“In the event that a breach of personal data is established, customers retain the right to raise a complaint with the DPC in respect of their own personal data.”
Furthermore, a spokeswoman from Dublin City Councils said the city’s Parking Tag system has not suffered any comparable data breaches and thus no malicious software had entered the server. She also said the council was aware of the ripple on effect a data breach can have on the sensitivity of personal data and thus treat all information with “the highest levels of security” using anti-virus malware protection, strong network controls, regular vulnerability scans, penetration tests and secure coding standards.
The Central Bank of Ireland cautioned that firms should take extra measures to protect the personal data of their customers given the escalation in the number of occurrences regarding cyber-attacks and business interruptions.
Earlier on this year, IT systems at the Irish operations of three international companies were affected by a major new global cyber attack. US pharmaceutical company MSD claimed its IT systems had been “compromised” by the suspected “Petya” virus. The global container shipping company Maersk Line also stated its UK and Ireland systems had been hit. UK advertising agency WPP, which has offices in Dublin, has also been affected by the virus.
Because Parkbytext’s client data was not encrypted, Parkbytext would be in breach of GDP regulation and therefore, not be compliant. So, what can companies like Parkbytext do to protect themselves from the consequences of GDPR?
At PixAlert, our software is an agentless and powerful scanning solution which discovers, remediates and reports on critical data centrally. This includes critical data of credit card numbers, names, addresses, PPS number, governments’ ID number, passports, inappropriate images, etc. If it exists in your system we will find it.