In the past two years, the U.K. Competition and Markets Authority (CMA) has been hit by 150 personal data breaches — 81 cases of unauthorized disclosure and 40 missing devices — Bloomberg reported on Tuesday (Feb. 9), citing freedom of information documents.
The CMA manages a trove of sensitive information, including internal reports and copies of emails. Stolen data could end up on the black market for profit, or could interfere with a takeover or investigation, although there has been no evidence of either.
Five breaches potentially posed a personal risk and were reported to the Information Commissioner’s Office (ICO). In three instances, the victims were notified and attempts were made to discover the root cause, the CMA said, per Bloomberg.
Five cases were a result of misrouted data, an ICO spokeswoman told Bloomberg, adding that the breaches likely didn’t expose deal information, but not every transaction flows through the agency with identifying information. The CMA was tasked with overseeing mergers and acquisitions following Brexit.
“The CMA takes any data breaches extremely seriously and continually reviews its processes to ensure the strongest possible safeguards are in place,” the CMA spokeswoman noted. “For this reason, we have fostered a no-blame culture for the reporting of security incidents and staff are encouraged to — and do — record even minor incidents, which can lead to a higher level of reports,” she said.
December cyberattacks on Capitol Hill — one of which brought Google down for an hour — were a reminder that although the internet itself can’t technically crash, fraudsters are out there. The World Economic Forum’s 2020 Wild Wide Web report named cyberattacks as the seventh most likely risk and the eighth-most impactful.
The FBI is still investigating the attacks, and the Russian embassy in Washington has denied any involvement. The attacks come at a time when more people are using the internet due to the coronavirus pandemic. The U.K. is forming a watchdog agency solely to encourage competition in the digital sector. If implemented, the agency would regulate Big Tech firms deemed to have “strategic market status,” or SMS.