October 31, 2018 - Dan Swinhoe - ComputerWorld
Several companies have already had to pay fines or settlements over data breaches. Uber, for example, had to pay close to US$ 150 million over its 2016 breach. Poorly protected but tightly regulated health data has also proved costly for large medical organizations, with the US Department of Health and Human Services collecting ever larger fines.
The fines could climb higher still now that the European Union's General Data Protection Regulation (GDPR) is in force. EU data regulators can fine up to € 20 million or 4% of global annual turnover, whichever is higher, and several high-profile companies have suffered large-scale breaches since the new rules took effect.
Here is how the biggest penalties to date break down:
Uber: US$ 148 million
In 2016, Uber had the accounts of 600,000 drivers and 57 million riders breached. Instead of reporting the incident, the company paid the attackers US$ 100,000 to keep the hack quiet. That decision cost it dearly: Uber was fined US$ 148 million, the largest data breach payout in history at the time, for violating state data breach notification laws.
Yahoo: US$ 85 Million
In 2013, Yahoo suffered a massive security breach that affected its entire user database, about three billion accounts, almost the entire population of the web. The company, however, did not disclose the breach for three years.
In April, the US Securities and Exchange Commission (SEC) fined the company US$ 35 million for failing to disclose the breach. In September, Yahoo's new owner disclosed that it had settled a class action lawsuit arising from the breach for US$ 50 million.
A total of US$ 85 million for three billion accounts works out to about US$ 0.03 per record. Given that the average cost per record of a data breach is about US$ 148, and that IBM has put the cost of a breach on this scale at hundreds of millions of dollars, the company may have gotten off relatively lightly.
Tesco Bank: US$ 21 Million
Tesco Bank, the retail banking arm of the UK supermarket chain, was fined £ 16.4 million (US$ 21.2 million) by the UK Financial Conduct Authority (FCA) after just over US$ 3 million was stolen from 9,000 customer accounts in 2016. The FCA cited failings in the design of Tesco's debit cards, its financial crime controls and its financial crime operations team.
Anthem: US$ 16 million
US health insurer Anthem suffered a breach in 2015 that affected 79 million people. The exposed data included names, dates of birth, Social Security numbers and medical IDs. In October, the company was fined US$ 16 million by the US Department of Health and Human Services for violations of the Health Insurance Portability and Accountability Act (HIPAA). That fine came on top of the US$ 115 million the company paid in 2017 to settle a class action related to the breach.
University of Texas MD Anderson Cancer Center: US$ 4.3 million
In June, a judge upheld a US$ 4.3 million fine against the University of Texas MD Anderson Cancer Center for HIPAA violations. The cancer center suffered three data breaches between 2012 and 2013: the theft of an unencrypted laptop from an employee's home and the loss of two unencrypted USB drives. The health information of more than 33,500 people was put at risk.
Fresenius Medical Care North America: US$ 3.5 Million
In February, Fresenius Medical Care North America (FMCNA) was fined US$ 3.5 million over five breaches at different company locations between February and July 2012. An investigation by the HHS Office for Civil Rights found that FMCNA had not "conducted an accurate and thorough risk analysis of potential risks and vulnerabilities to the confidentiality, integrity, and availability of all of its ePHI" across its entities.
The failures included not preventing unauthorized access to facilities and equipment, not encrypting health data, not governing the removal of electronic media storing health data, and having no security incident procedures.
Equifax and Facebook: US$ 650,000
Equifax and Facebook may consider themselves lucky. The UK Information Commissioner's Office (ICO) fined both companies for data protection failures under the pre-GDPR Data Protection Act, under which the maximum possible fine is only £ 500,000 (approximately US$ 650,000). Under GDPR, the penalties could have been far higher. In October, Facebook was fined over the Cambridge Analytica data scandal, while Equifax received the maximum fine in September for its 2017 breach, which exposed the data of 147 million people.
Possible upcoming penalties
British Airways faces a £ 500 million (about US$ 650 million) lawsuit after the payment card details of 380,000 customers were stolen from its website and app.
Now that GDPR is in place, companies that suffer data breaches face potentially huge financial repercussions. Facebook's recent "View As" breach, the UK Conservative Party's insecure conference app, the shutdown of Google's Google+ social network and the leak of 5.9 million Dixons Carphone customer records could all attract penalties. In September, Canadian analytics firm AggregateIQ (AIQ) became the first company to be served a GDPR enforcement notice, possibly paving the way for a future fine.
About [SAFEWAY]
[SAFEWAY] is widely recognized as a provider of premium information security and cybersecurity solutions. From its extensive portfolio, we highlight several solutions, including those built on the following platforms:
- Archer from RSA Security, considered by Gartner, Forrester and the market itself to be the most complete process integration solution for Governance, Risk Management, Compliance and Business Continuity Management;
- [SAFEWAY] Security Tower, built on IBM QRadar (with Watson technology) and tailored to each organization's security and cyber defense management needs;
- And others, involving technologies from Imperva, Thales, BeyondTrust, Manly and WatchGuard Technologies.