Personal risks arising from privacy breaches in business
Modern computer technologies enable the handling of an unprecedented amount of private and public information, exposing customers to a number of potential risks.
The TalkTalk cyber attack saw the personal details of 157,000 customers, including credit card details, being disclosed in October 2015. As a result, the company lost an estimated £60m and over 100,000 customers, but customers were also open to potential identity fraud: in some cases, fraudsters used the data to allow them to pose as TalkTalk engineers, contacting customers and persuading them to install malware on their machines.
This kind of data breach is a type of unwanted disclosure - the disclosure of personal data to parties not intended to receive it. Unwanted disclosure can happen when businesses interact with third parties, such as in the case of outsourcing operations, and also covers disclosure of secondary information: for example, partial information about user activities.
The following personal risks can arise from such data breaches:
- Secondary use of information. This refers to the use of information for purposes other than the one originally intended at the time of collection. For example, data collected to provide a service is later used to target a customer in adverts.
- Leakages. Personal information of customers can be leaked or lost in a variety of ways, for example at the network or server end.
- Identity theft or fraud. This happens when an imposter gains key pieces of personal information that enable them to impersonate the victim.
We will explore financial fraud in more detail in Week 2 of the course.
- Now think about the recent Strava and Facebook breaches, where user data were exposed. What kind of risks were users exposed to, and what impact might these particular breaches have?
© Newcastle University