By Paul Whitaker, Partner and Head of Dispute Resolution, Moore Blatch
Hacking is once again in the news after the adultery site Ashley Madison suffered an attack by the “Impact Team”, which claims to have stolen names, addresses, credit card details and sexual preferences and threatens to publish them unless the site is shut down.
Chris Froome, the Sky cycling team rider and favourite to win this year’s Tour de France, has allegedly had his training files hacked into, and allegations are now circulating that the data is only consistent with using performance-enhancing drugs.
Ashley Madison and the Sky cycling team are just the latest in a growing list of high-profile companies that have had their systems hacked into. In 2011 Sony announced the loss of PlayStation customer data, and Apple announced that it had been hacked in February 2013.
In April 2013 the Department for Business, Innovation & Skills (BIS) published the results of a survey it carried out, which showed that 93% of large businesses (employing more than 250 people) and 87% of small businesses had reported a security breach in the previous year.
These attacks can come from both inside and outside the business, caused by staff or unauthorised outsiders. One in 10 large organisations had had confidential information or intellectual property stolen.
The Information Commissioner’s Office (ICO) has said that the security provisions within the Data Protection Act 1998, in particular the 7th data protection principle, include cyber security and the need to protect personal data from cyber security vulnerabilities, including cybercrime.
The ICO fined Sony £250,000 following the hacking of its PlayStation network in 2013, in March 2014 fined the British Pregnancy Advice Service £200,000 after it was hacked, and in October 2014 fined Worldview Ltd £7500 after it suffered an SQL injection attack.
Any business that retains information about its customers, especially credit card and/or financial details, represents a target for hackers and needs to make sure that it is cyber secure, or risk facing claims for breach of contract/negligence from its customers or suppliers (including credit card companies seeking to recover the costs of cancelling and reissuing credit cards and reimbursing cardholders for fraudulent use of their details) as well as fines from the ICO.