July 12, 2018
Important Lessons From the Recent HardwareZone Data Breach
It was recently reported[1] that a hacker gained access to full names, usernames and email addresses from 685,000 HardwareZone accounts. The data breach on the HardwareZone forum dates back to September 2017, after a hacker impersonated a senior moderator to gain access to user profiles.
Organisations need to be on the lookout for potential threats to their data security and implement protocols to safeguard the personal data that they store.
Here are some lessons we can learn from the recent HardwareZone data breach:
Comply with Personal Data Protection Commission (PDPC) guidelines
In 2015, HardwareZone purged personal particulars, such as NRIC numbers, telephone numbers and addresses of forum users, from its database. While this helped it to comply with the PDPC ruling, it also prevented such information from falling into the hands of the hacker. Had HardwareZone been careless with its data protection practices, that information would have been exposed as well; even so, the names and email addresses obtained by the hacker can still be used by data thieves for criminal purposes now and in the future. Businesses should follow the PDPC’s guidelines closely and take care to protect the personal data of their customers, such as the data of their forum users, in this case.
Protect your physical data
With digital data breaches happening to organisations like HardwareZone, some may be tempted to focus their attention on digital data security. However, it is advisable for organisations to adopt a holistic security policy and protect not only digital data, but also physical data. Personal data can just as easily reside in physical documents. Moreover, physical data breaches are often harder to track since they don’t leave a trail. Adopting a Shred-it All Policy can go a long way to prevent any personal data – digital or physical – from falling into the wrong hands.
Appoint a Data Protection Officer (DPO)
Companies are legally required under the Personal Data Protection Act (PDPA) to appoint a DPO, whose responsibility is to ensure that there are proper protocols in place for managing personal data within the organisation. The DPO should keep their organisation on track with best data protection practices for both digital and physical data in order to minimise the risk of a data breach and avoid potentially hefty fines and reputation damage.
Educate your employees on data security
To prevent data breaches from occurring, businesses need to educate their employees on good data protection habits. It is essential that a culture of data protection is promoted, ensuring that all staff understand the role they play in protecting personal information.
Implement the right policies and procedures
Although personal data is stored in vast quantities in digital form, such information is often printed out on paper too. Common-sense policies such as a Clean Desk Policy can be put in place to ensure that employees do not leave personal data lying around on their desks where it can easily be accessed.
[1] Zaccheus, M (2018). ‘685,000 HardwareZone accounts’ data compromised’. [online] The Straits Times. Available at http://www.straitstimes.com/singapore/685000-hardwarezone-accounts-data-compromised [Accessed 15 March 2018]