The UK has been at the receiving end of some of the biggest cyber-attacks in recent times. These have often resulted in the virtual destruction of IT systems, leakage of massive chunks of customer data and an ongoing identity theft crisis.
We take a look at the biggest cyber-attacks perpetrated in the UK and their respective impact on both businesses and citizens.
1. WannaCry ransomware attacks
While the ransomware attack that took advantage of SMB vulnerabilities in outdated Windows operating systems left its mark on over 200 countries, the NHS was the hardest hit. Following the attack which left over 40 NHS Trusts and hospitals unable to serve their patients, not only were IT systems related to X-rays, pathology and bleep systems affected, but hackers also got their hands on thousands of patient records including reports of blood tests, medicines, and patient histories.
NHS England was forced to accept that the ransomware attack was a “major incident” and among the biggest cyber-attacks of its kind in recent history. The crisis exposed the severe vulnerability of the NHS’ largely outdated IT systems to sophisticated cyber-attacks and malware intrusions.
2. Wonga cyber-attack
Payday loan company Wonga came under a severe cyber-attack in April that compromised confidential data of up to 245,000 UK customers. Termed one of the worst data breaches ever in the UK, the incident resulted in the loss of sensitive customer data that included names, email addresses, home addresses, phone numbers, last four digits of card numbers, and bank account numbers and sort codes.
“Financial institutions, who currently face only trivial fines from the ICO, have little incentive to tighten cyber security. One can only hope that the increased fines that will become available to the ICO when GDPR comes into force next year will prompt banks to act with integrity and increase the security of their services,” said Jeremy Swinfen-Green, Head of Cyber Security Consulting, TEISS.co.uk.
3. Three UK’s ‘upgrade fraud’ data breach
In December of last year, hackers were able to successfully infiltrate Three’s database that contained data on customers who were eligible for phone upgrades. The incident compromised sensitive personal data of as many as 133,827 customers that included names, phone numbers, phone types, dates of birth, addresses, marital statuses, previous addresses, genders, employment statuses and email addresses.
Hackers were able to use the database to fraudulently upgrade several customer contracts and steal a number of high-end devices as a result. Three termed the incident “an ongoing industry issue.”
4. TalkTalk data breach
Between October 15th and 21st of 2015, a series of cyber-attacks on TalkTalk’s customer database resulted in the loss of sensitive data belonging to 156,959 customers. Hackers were also able to get their hands on bank account details and sort codes of at least 15,656 TalkTalk customers.
It later turned out that TalkTalk was using outdated database software that was no longer supported and which hackers were able to access by employing a simple SQL injection. TalkTalk was subsequently fined £400,000 by the Information Commissioner’s Office (ICO) for the breach.
“In spite of its expertise and resources, when it came to the basic principles of cyber security, TalkTalk was found wanting. Today’s record fine acts as a warning to others that cyber security is not an IT issue, it is a boardroom issue. Companies must be diligent and vigilant. They must do this not only because they have a duty under the law, but because they have a duty to their customers,” said information commissioner Elizabeth Denham.
5. Tesco cyber-attack
In July of last year, Tesco suffered a major embarrassment after fraudsters succeeded in withdrawing money from 20,000 of the bank’s 136,000 current accounts. Suspicious activity was also observed across 40,000 accounts belonging to other customers.
Following the incident, Tesco was forced to freeze online transactions as part of emergency security measures. However, customers were able to conduct other operations like withdrawing cash and making direct debit payments as usual.
Andrew Bailey, chief executive of the Financial Conduct Authority (FCA), termed the bank fraud ‘extremely serious’ and ‘unprecedented.’
These are but a few of the hundreds of cyber-attacks that British financial institutions, mobile carriers, and other enterprises have suffered and continue to suffer on an unprecedented scale. Research conducted by Oxford Economics and commissioned by cyber security experts CGI recently revealed that FTSE organisations lose, on average, £120 million more from data breaches.
Researchers also found that the monetary loss to investors was actually quite severe, to the tune of at least £42bn. They also found that the sector that fared the worst was healthcare, although criminals usually target companies who have financial records on their books.