A recent cyber attack on a large UK high street retailer has caused the data of many previous customers to be leaked.
The affected data included names, email addresses, phone numbers, order details and the final four digits of bank cards.
Whilst the retailer claims that the affected data was limited, that data was years old. The data involved in the breach related to online orders placed between November 2018 and October 2020.
Although the attack affected only historical data, it occurred within the last few days.
This attack raises the question: why is data so old still vulnerable to cyber attackers?
Businesses across the UK and European Union are legally obligated to comply with the General Data Protection Regulation (GDPR). One of the rules of this regulation is that data is not kept longer than necessary for the task it was collected for. This means that, by law, a company must destroy any data that is no longer strictly necessary for it to operate.
The data breached in the recent attack was all historical order data, with the newest record being over 2 years old. This raises the question: did this data still need to be stored?
It is as vital that your business considers what data it holds as how it holds it, to ensure security and compliance with cyber legislation.