Breach Notification , COVID-19 , Endpoint Security

Data Breach Culprits: Phishing and Ransomware Dominate

Meanwhile, Breaches Involving Military Secrets and CCTV Footage Beset UK Government
Data Breach Culprits: Phishing and Ransomware Dominate
Reports of data protection rule violations and personal data breaches made to the U.K. Information Commissioner's Office

Phishing, ransomware and unauthorized access remain the leading causes of personal data breaches as well as violations of data protection rules, Britain's privacy watchdog reports.

See Also: Gartner Market Guide for DFIR Retainer Services

The Information Commissioner's Office, which enforces the country's data protection laws, including compliance with the General Data Protection Regulation, says it received 2,552 reports of security incidents in the second quarter of 2021. The quantity of reports filed continues to remain nearly steady, except the numbers dipped to just 1,446 at the beginning of the COVID-19 pandemic.

Comparing Q2 to Q1, many cyber breach culprits also stayed steady, per the following number of reports filed to the ICO that said incidents traced to the following:

  • Phishing: 284 reports - 14% increase;
  • Ransomware: 144 reports - 5% decrease;
  • Other cyber incident: 90 reports - 31% increase;
  • Unauthorized access: 63 reports - 6% decrease.

The most common breach culprit remains the catch-all "other non-cyber incident," for which reports increased by about one-third. Second place continues to go to protected data being emailed to the incorrect recipient.

Source: ICO

In terms of other non-cyber breach culprits, reports that traced the incident to the loss or theft of a device, or of paperwork left in an unsecured location, increased by about one-third.

Lost: 'Secret UK Eyes Only' Documents

Of course, not all data breaches involve personal data or other protected types of information covered by GDPR.

Indeed, one of the most egregious data breaches that's come to light in the U.K. in recent months involved a member of the public finding at a bus stop in Kent a soggy set of classified British military documents, which they handed over to the BBC.

The documents, the BBC reported, included details of plans to sail the British destroyer HMS Defender on June 23 through Ukrainian waters, 12 miles off the coast of Crimea, which is disputed territory. That incident sparked a diplomatic row with Russia, which brought its own ships within 100 yards of the vessel and buzzed it with warplanes.

HMS Defender on the River Clyde in Scotland (Photo: Mark Harkin, via Flickr/CC)

The BBC reported that the documents also included plans for a potential U.K. military presence in Afghanistan, following the planned U.S. withdrawal.

British Defense Minister Jeremy Quin, a Conservative MP, on June 28 told the House of Commons he was "very sorry" that the documents had been lost, which he ascribed to "a senior official," who had self-reported their loss.

"The documents lost included a paper that was marked 'Secret U.K. Eyes Only,'" Quin said. "The Ministry of Defence has launched a full investigation. … While the investigation is being conducted, the individual's access to sensitive material has been suspended."

Quin said the BBC had handed the documents over to ministry officials.

The documents included plans for two different routing options - one near Crimea, which was chosen, and one much farther away, the BBC reported. For the route chosen, the documents assessed three likely Russian responses, ranging from "safe and professional" to "neither safe nor professional," the BBC reported.

The Ministry of Defense said in a statement at the time: "As the public would expect, the Ministry of Defense plans carefully. As a matter of routine, that includes analyzing all the potential factors affecting operational decisions. HMS Defender conducted innocent passage through Ukrainian territorial waters in accordance with international law."

Minister Resigns After CCTV Camera Leak

Some politicians, however, questioned the timing of that breach, which happened just after embarrassing video footage emerged of Matt Hancock, a Conservative MP who was then the Secretary of State for Health and Social Care, showing him breaking social distancing rules by embracing an aide. The images were published by the Sun newspaper on June 25. Hancock resigned as health secretary on June 26.

On June 27, the BBC first reported on the mislaid Ministry of Defense documents.

"There was certainly something of le Carré in the faintly absurd discovery of these soggy documents behind a bus stop in the garden of England," Martin Docherty, a Scottish National Party MP, told the House of Commons on June 28, referencing the famous spy novelist. "I do not think that we can help but notice the general context. The documents were discovered in the same week in which a more serious security breach - that of confidential CCTV images from a Whitehall Ministry, which leaves many of us unsure and distrustful of the motives of those involved."

Last month, the ICO raided two residential properties in England and seized multiple computers and electronic devices in the course of investigating how the CCTV footage from a government building had been leaked, which it says allegedly violated the country's Data Protection Act.

Emcor, a security firm that manages facilitates and CCTV systems for the Department of Health and Social Care, reported the breach to the ICO, alleging that the May 6 footage was taken from Emcor's systems without its consent.

"It's vital that all people, which includes the employees of government departments and members of the public who interact with them, have trust and confidence in the protection of their personal data," Steve Eckersley, the director of investigations at the ICO, said when announcing the raids.

"In these circumstances, the ICO aims to react swiftly and effectively to investigate where there is a risk that other people may have unlawfully obtained personal data," he said. "We have an ongoing investigation and will not be commenting further until it is concluded."

But some government officials have warned that whoever leaked the footage might be able to claim whistleblower protection, because they showed a government minister breaching guidelines he himself had put in place, the Guardian reported.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.