It's been a long 2015 in regard to data security, but there are still new breaches being discovered and reported in these last two months. Despite corporations investing heavily in data protection, small errors can have big consequences, and a lack of email encryption will certainly lead to data leaks, loss and theft.
"Customers had their personal investment information released to the public."
A glitch in the system
According to the Financial Times, London-based online investment management firm Nutmeg experienced an email system glitch on September 1, 2015. The company told the source that a flaw in code resulted in the sending of an email containing the investment and financial information of over 30 accounts to the wrong recipient. While banking data wasn't included in the message, names, personal addresses, investment details, asset information and "risk appetite" data were, and as a result, 32 customers had their personal information released to the public.
After experiencing the accidental data breach, Nutmeg reported the incident to the United Kingdom's data protection agency, the Information Commissioner, the Financial Times pointed out. Fortunately, the ICO opted against regulatory actions. Rohan Massey, a professional in the IT and data protection sector working for Ropes & Gray, told the source that the ICO won't further investigate the data breach since it doesn't directly pose a "risk of harm" to Nutmeg's customers.
Reputation loss, blame and maybe fines
However, Massey asserted the opposite. With investment information out in the public eye, the individuals whose data was breached could end up being targets of hackers and their cyberattacks. That said, a lack of standards in this regard means that Nutmeg could get off easy - but it won't be that easy.
As a relatively new organization, Nutmeg must build up a reputation, and this accidental data breach could cause many investors to rescind their trust in the firm. After all, the cyberincident highlights a lack of strong security on Nutmeg's front, and it's possible that another glitch or error could cause another breach.
Additionally, Citywire reported that the ICO isn't the only agency that has a say in Nutmeg's data breach: The Federal Conduct Authority has fined organizations in the past for similar incidents, and therefore, Nutmeg could face fees due to poor data security with respect to customers' personal records. Nutmeg demonstrated a lack of adequate control over its automated systems and failed to encrypt sensitive data when willingly sending personal information over email. Regardless of the mistake, that data should have been obscured and only accessible to the appropriate individuals. If that had been the case, this breach potentially could have been avoided.
Sometimes encrypting emails can be difficult, as many solutions make users jump through hoops. While this isn't an excuse not to encrypt sensitive data in emails, with solutions that are second nature, enterprises - and Nutmeg - could mitigate the risk of data exposure.
CloudMask is a data-centric cybersecurity tool that not only enables end users to encrypt all of their communications and documents, but also gives them control over the encryption key. This ensures that even if an email is sent to the wrong recipient by accident, data will remain hidden.
With CloudMask, only your authorized parties can decrypt and see your data. Not hackers with your valid password, not cloud providers, not government agencies, and not even CloudMask can see your protected data. Twenty-six government cybersecurity agencies around the world back these claims.
Watch our video and demo at www.vimeo.com/cloudmask