Over 42 million Britons fell victim to compromised data breaches last year according to new figures released today.
The study by law firm RPC found financial data belonging to as many as 42.2m people in the UK was compromised in data breaches last year, up 1,777% from 2.2m in 2019-20.
The firms said the huge spike likely reflects an increase in the amount of data compromised, partly because of a greater number of ransomware attacks. These can potentially involve significant quantities of data being copied at the same time as encrypting the target’s data.
Having taken financial and other information from the target’s system, the criminal gang will threaten to sell this data, or leak it on the dark web, should the target refuse to pay the ransom.
Richard Breavington, Partner at RPC, explained that criminal gangs are carrying out the breaches, because their blackmail threats over encryption alone are becoming less effective as businesses get better at backing up their systems. But hackers have honed their tactics and added this additional form of blackmail.
The study found the financial cost to businesses posed by ransomware attacks can be dramatic. This includes not just the cost of the interruption to the business, but the various legal and regulatory ramifications of large amounts of personal data being taken.
Breavington added: “The surprisingly high number of people whose financial data was impacted in the last year shows how cyber-attacks have become endemic.
“Hackers are continually refining their methods, employing ever more complex techniques to extort money in whatever way they can. Some businesses, fearing the potential reputational costs, not to mention other consequences, decide that they will take the last ditch approach of paying the ransom demands.
“As a result, these attacks have become very lucrative for cybercriminals.”
Several large data breaches occurred in the past year, including one involving an airline, which saw nine million customers impacted. In the attack, believed to be one of the largest in the UK, hackers stole data including names, email addresses, travel details and credit card details.
RPC said the figures show how important it is for businesses to take precautions when processing and storing personal data relating to customers and employees. In addition to investing in robust IT security software, businesses should be careful as to where they hold sensitive data and how these files and folders are organised.
“Before carrying out an attack, hackers are increasingly carrying out reconnaissance to scope out protections that are in place, as well as data held by the company. Businesses should not be making their jobs easier by signposting this information,” Breavington added.