As many as 42.2 million Brits had their financial data compromised in cyber breaches last year, up a staggering 1,777% from 2.2 million the year prior, data gathered by international law firm RPC has revealed.
The London-headquartered firm compiled information from the Information Commissioner’s Office (ICO) provided by organisations who suffered a breach between June 2020 and June 2021 and found that the huge spike was partly due to a greater number of ransomware attacks.
“The surprisingly high number of people whose financial data was impacted in the last year shows how cyberattacks have become endemic,” said RPC partner Richard Breavington. “Hackers are continually refining their methods, employing ever more complex techniques to extort money in whatever way they can.”
He explained that criminal gangs often threaten to sell stolen data, or leak it on the dark web, should the target refuse to pay the ransom, adding that cybercriminals were resorting to this “additional form of blackmail” because their threats over encryption alone were becoming less effective as businesses got better at backing up their systems.
“Some businesses, fearing the potential reputational costs, not to mention other consequences, decide that they will take the last-ditch approach of paying the ransom demands,” Breavington said. “As a result, these attacks have become very lucrative for cybercriminals.”
Several large data breaches have hit prominent UK businesses in the past year, including one involving an airline, which saw nine million customers affected. In the attack, believed to be one of the largest in the country, hackers stole data, including names, email addresses, and travel and credit card details.
To prevent such incidents, RPC advised companies to take precautions when processing and storing sensitive data relating to customers and employees and to invest in robust cybersecurity software.
“Before carrying out an attack, hackers are increasingly carrying out reconnaissance to scope out protections that are in place, as well as data held by the company,” Breavington warned. “Businesses should not be making their jobs easier by signposting this information.”