Following reports in the Newcastle Evening Chronicle that a council computer blunder led to a serious breach of credit and debit card details on Tyneside, there have been fresh calls for data breach laws to be introduced into the UK.
Police were called in after details of thousands of people’s cards were downloaded to an address traced to the Middle East. According to the paper, millions of financial records held by Newcastle City Council have been accessed and up to 54,000 individual card holders have been affected. It went on to say that information was placed in error on an open server site which could be accessed by outsiders instead of a secure network. The site was shut down as soon as the problem was discovered, it says.
“There is no better argument than this for the introduction of legislation to force organisations to tell customers when their private details have been exposed to a security breach,” says Steve Hurn, CEO of database security company Secerno.
“54,000 card details have been exposed. There is currently no legal requirement for the council to tell the holders of those cards. And yet anything could have happened to them.”
According to Hurn, breaches like this shouldn’t happen in the first place. “Blaming human error is no longer good enough,” he says. “Data should be protected from human error. The technology already exists to monitor and block any abnormal behaviour such as personal data being moved to the wrong place (in this case, a public site).”
“We don’t know the scale of data security breaches in the UK because organisations try to hush them up. But statements from the US-based Privacy Rights Clearing House suggest 100m records have been exposed during their two years of monitoring such events,” said Hurn in a statement.