It has been revealed that the personal and financial details of up to 27,000 Barclays customers have been leaked in what is reportedly the worst data breach suffered by a British high street bank to date.
The leak was exposed by an anonymous whistleblower who gave The Mail on Sunday a memory stick containing a sample of the available data on 2,000 of the bank’s customers and alleged the information is being sold on the black market for around £50 per file. At present, details of how the breach was carried out have yet to be revealed; however, Barclays is said to have launched an urgent investigation.
This latest data breach is astounding and some serious questions need to be asked at Barclays, not only with regard to how this breach happened, but also why it took a whistleblower to inform the bank of the data loss. The sophistication of cyber attacks today is by no means a secret and it really is worrying that a high-profile financial institution such as Barclays could fall victim in this way.
If ever the world needed proof that data breaches are a case of when, not if, this is it.
Details about how the data was exfiltrated are yet to be made public but, in reality, whether it was an insider removing the information or a highly sophisticated cyber attack, the lesson learnt should still be the same: without the ability to know what is happening on the network at all times and understand what ‘normal’ activity is, data can be removed from the organisation – often undetected.
This breach proves that every business must deploy robust, real-time defences on its network, so that it can spot and combat threats as soon as they occur – not once it’s too late or on the off chance someone may blow the whistle further down the line.
There is no doubt that this breach will have far-reaching consequences for Barclays, but it should also act as a wake-up call for every other organisation in the country. The absolute key to data security is proactive monitoring.
Not only can this strategy prevent a breach from occurring in the first place but, if an attack is successful, it can ensure much faster identification and remediation. It is also high time that the government sped up the implementation of mandatory breach disclosure laws in order to provide organisations with further incentive to ensure they’re looking after their customers’ data. In this day and age, it really shouldn’t take an external party to highlight a breach. Instead, whistles should already be blowing internally – and loudly.