Data breaches are devastating for an organization. Like any cyberattack, a data breach requires an immediate response. The victim has to identify the scope and scale of the breach, whether it is limited to a data breach or whether other systems were affected, and take steps to prevent further access from the perpetrator. Some data breaches come as part of a larger ransomware attack, were the threat of releasing sensitive data is used to leverage payment instead of more traditional ransomware that holds physical devices ‘hostage’. Payment is often ineffective, with perpetrators releasing the data anyways one they’ve received their untraceable ransom money.
Then, there is the additional legal and economic fallout to a company after the data has been released. These data breaches don’t just hurt a major corporation, they also reveal sensitive information about that organizations clients, partners, and prospects. With data collection on individuals becoming more expansive, and digital privacy rights eroding, the potential impact of data breaches on the individual increases dramatically. Anything from your browsing history, recent purchases, family information, medical details, banking and financial information, or social security number could be revealed without you even knowing it happened. The latest example of a major data breach shows just how sensitive this released data can be.
London-based security firm TurgenSec announced that nearly 345,000 files from the solicitor-general of the Philippines, including sensitive information for ongoing legal cases, have allegedly been breached and made publicly available. The released documents included hundreds of thousands of files ranging from “documents generated in the day-to-day running of the solicitor-general’s office, to staff training documents, internal passwords and policies, staffing payment information, information on financial processes, and activities including audits, and several hundred files titled with keywords such as “private, confidential, witness, and password”.” TurgenSec said after discovering the breach that the “data breach is particularly alarming as it is clear that this data is of governmental sensitivity and could impact on-going prosecutions and national security.”