The Interserve data breach case has been finalized. The Information Commissioner’s Office (ICO) fined Interserve Group Ltd. £4.4 million for failing to protect the personal information of its employees. According to the watchdog, hackers were able to collect the personal data of 113,000 employees through phishing emails. Can you claim compensation?
Interserve Data Breach costs £4.4 million
Interserve Group was fined £4.4 million by the Information Commissioner’s Office (ICO) for failing to protect the personal data of its 113,000 current and former employees. The fine pertains to a data breach that happened on May 2, 2020, which Interserve claims was avoidable, according to the ICO. The data breach occurred when Interserve operated an outsourcing company and was listed as a “key supplier to the government with clients including the Ministry of Defense.”
The following data was stolen in the Interserve data breach:
- Personal information such as contact information
- Social security numbers
- Bank account information
- Sexual orientation
- Health data
The ICO investigation revealed that the business did not put “adequate technical and organizational safeguards” in place to stop a cyberattack.
“The biggest cyber risk businesses face is not from hackers outside of their company, but from complacency within their company. If your business doesn’t regularly monitor for suspicious activity in its systems and fails to act on warnings or doesn’t update software and fails to provide training to staff, you can expect a similar fine from my office.” - Information Commissioner John Edwards
According to Interserve, it cooperated with the ICO, but that did not spare it the penalty.
“Interserve has worked extensively with the ICO and the NCSC since first reporting the cyber incident in May 2020. This cooperation and the work done to mitigate the possible impact on individuals are expressly recognised by the ICO in the ICO’s Monetary Penalty Notice (MPN).” - Interserve
Interserve received a “notice of intent” from the ICO, a legal document that precedes a possible fine. The preliminary fine was set at £4.4 million. Interserve’s arguments were thoroughly considered. However, the final fine amount was not altered.
Interserve Data Breach summary
In May 2020, a phishing email was shared with another Interserve employee. The email was not quarantined or blocked by Interserve’s system. The employee downloaded its content and opened it, which led to malware being installed on the employee’s workstation.
Although the company’s anti-virus quarantined the malware and generated an alert, Interserve did not fully investigate the suspicious activity. Had it done so, Interserve would have discovered that the attacker still had access to the company’s systems, according to the ICO.
After compromising 283 systems and 16 accounts, the attacker also removed the company’s antivirus program. The personal information of up to 113,000 current and former employees was encrypted and made inaccessible.
The ICO’s inquiry revealed that Interserve ignored the initial report of suspicious behavior, used outdated software systems and protocols, provided insufficient staff training, and conducted insufficient risk assessments, leaving it open to a cyber attack.
Interserve violated data protection laws by failing to implement the necessary organizational and technical safeguards to guard against unauthorized access to individuals’ personal information.
Interserve received a notice of intent from the ICO, a legal document that comes before a possible fine. It set the preliminary fine at £4.4 million. Despite “careful consideration” of Interserve’s arguments, the ICO chose to impose the entire penalty.
Can you claim compensation?
According to the European Commission, if a business or organization violated data protection legislation and you suffered material damage (such as monetary loss), non-material damage (for example, distress or loss of reputation), or both, you may be entitled to compensation.
You have two options for filing a claim: with the firm or organization in question or with the national courts. The courts of the EU Member State where the controller or processor is located will hear your compensation claim. Alternatively, you could bring such a case before the courts of the EU Member State where you typically reside.
The Interserve Data Breach Settlement has not been announced yet. When it is public, this part will be updated.
What is Interserve?
The London and Tilbury Lighterage Company Limited, the company’s original name, was established in 1884. Following a merger with RM Douglas, it was known as Tilbury Douglas starting in 1991, but in 2001 it changed its name to Interserve plc. The name change partially reflected a shift in emphasis throughout the 1990s towards the maintenance and facilities management services sectors, which persisted in the 2000s, aided by additional acquisitions.
Interserve, a British construction and support services company with headquarters in Reading, Berkshire, entered administration in 2019 and is scheduled to close its doors in 2024. The company employed 34,721 people and had £2.2 billion in sales at that time.
Who owns Interserve now?
On 24 June 2021, the Ministry of Justice renationalized its Citizen Services division as part of the UK Government’s new probation delivery model. On 6 October 2021, RMD Kwikform was sold to France’s Altrad group for more than £140 million.
Outcomes of data breaches: Equifax & T-Mobile
The credit reporting firm Equifax acknowledged on September 7, 2017, that one of its computer networks had suffered a data leak that exposed the personal information of 143 million clients, a figure that eventually rose to 147 million. These records included customers’ names, residences, dates of birth, Social Security numbers, and credit card numbers, all of which may be exploited for fraud and identity theft.
Under the terms of the deal, Equifax agreed to establish a fund to provide customers with free credit monitoring, identity theft protection, and cash compensation of up to $20,000 per person harmed by the event. Additionally, the company must pay court fees and government fines.
The cybersecurity vulnerability was first disclosed by T-Mobile and was made public on August 16, 2021. According to reports, the personally identifiable information of almost 77 million consumers was stolen in the T-Mobile data breach. This included data such as addresses, dates of birth, social security numbers, driver’s license numbers, unique IMEIs and identification codes for client phones, and so on.
If granted, the $350 million T-Mobile deal will represent the second-largest payment for a data breach in US history.