It’s been a big week for security news. Parliamentary email hacked, UK politician logon credentials circulating for sale, a massive (paper) data breach at the NHS, another massive ransomware outbreak, Boomerang Video fined…
Wait, what? Who the hell are Boomerang Video?
Boomerang are a small video-game rental operation. Their website was hacked in 2014 and customer details stolen, including payment card data. How many customers? About 26,000 – so hardly on a par with Yahoo! or LinkedIn.
The ICO just fined them £60,000. Could you afford to be fined £2 for every customer you’ve ever had? Do you fancy justifying that to your FD, or your shareholders? Thought not. And on the usual GDPR fine-escalation basis, from May next year the ICO would have fined Boomerang £2.4m, or £92 per customer. That’s quite a lot of money, eh?
So maybe you should have a quick review of your information security.
Seriously – why are you still reading this post? Stop procrastinating and go ask your IT people some difficult questions.