No business is completely immune to data breaches

However secure your cyber defences, and however robust your IT patch management processes, there are many ways that fraudsters can access and exfiltrate your data for criminal purposes.

Cybercriminals might access your customers’ data through systems used by your supply chain, or outsourced partners, whose defences may not be as robust as yours. They could gain access when an employee inadvertently clicks on a link in a phishing email. Or they could exploit an as-yet unpatched vulnerability in the software or systems used by you or your suppliers. The complex web of data interactions between businesses, suppliers, partners and IT systems means that no data can ever be considered 100% safe.

In research we carried out in December 2021, 78% of organisations surveyed had experienced a data breach of customer information in the previous 18 months – and 39% had been hit more than once.

Data theft on a global scale

The recent vulnerability of the MOVEit file transfer protocol provides a sobering demonstration of the widespread damage and disruption that can be caused by this type of attack. MOVEit is used by organisations worldwide to securely transfer sensitive data. When a ransomware firm exploited a vulnerability in the software, they were able to steal vast amounts of confidential data and demand ransoms from its owners. The number of organisations known to be affected is currently more than 1,000, and the number of impacted individuals exceeds 60 million[1].

What is MOVEit?

MOVEit is a managed file transfer protocol created by Ipswitch, Inc. Used by a wide range of companies across the public and private sector, it was hacked in May 2023 by a group called CL0P, who gained access to sensitive personal data using ransomware.

In many cases, the MOVEit software was not being used by the impacted organisations directly, but by outsourced data processors providing a range of data-handling services. Among those affected were trusted organisations and household names from around the world, which suddenly had to respond to a breach of software they did not themselves use. Nevertheless, these organisations needed to face up to the loss, and inform and support their customers through the recovery process.

Fraudsters seek path of least resistance

Cybercriminals are constantly looking for the path of least resistance in IT systems, to find the easiest way to get access to data. The MOVEit exploitation is an example of a zero-day attack, which is really the golden key for cybercriminals. A zero-day attack exploits a previously unknown, and therefore unpatched, vulnerability in a system or software. When the criminals attack, the target organisations have no way to close the vulnerability immediately because no patch exists. The gateway for hackers remains open until developers are able to produce a patch. These exploitations are so named because the organisations impacted have ‘zero days’ to patch the vulnerability and stop the data loss.

No room for complacency

The MOVEit exploitation happened at a time when businesses were questioning whether or not they should retain their cyber insurance policies, because premiums were going up, exclusions and exemptions were being introduced, and policy excesses were increasing.

The far-reaching implications and impacts of this breach are a stark reminder to businesses that even if your own IT systems are robustly protected, your data can still be at risk. The attack was not targeted at specific companies, but at the software used by thousands of organisations globally.

Crisis responders under pressure

The overwhelming scale of MOVEit put a huge strain on the available expertise and resources to help businesses recover – including legal teams, forensic IT specialists, crisis PR companies, data breach and crisis response providers. MOVEit highlighted the fact that crisis recovery resources are finite and, in the aftermath of a systemic attack, businesses may find those resources difficult to access.

It highlights the need for organisations to prepare for a possible ransomware or malware attack, whether directly on their own systems or on the systems of their suppliers.

Is your business ready to respond?

Preparing a response and recovery plan in advance gives your business the best chance of being able to deal with the consequences of a breach efficiently and effectively. Companies whose data is breached are likely to be fined by the regulator. If your business then fails to inform customers promptly and mount an effective recovery process, you could face further fines.

But the biggest impact of a data breach is the potential damage to your reputation, particularly if you are a consumer-facing brand. If you handle the data breach notification and recovery process swiftly and professionally with your customers, you stand a far better chance of protecting your hard-won reputation.

The first step to developing the right response and recovery plan for your organisation is to understand the implications of a data breach, and the actions you will need to take to inform and support customers. Understanding how to quantify the impacts, determine your responsibilities and identify the resources you will need to respond effectively will be the subject of my next blog post.

How can we help?

If you’re concerned about the impact of a data breach on your organisation, please visit our website or contact the Experian Crisis & Data Breach Response team on 0844 4815 888 or via email.
