Ransomware has been raging around the world in recent years. Some victims refused to pay the ransom and tried to hide the breach. This spurred cybercriminals to change their strategy and disclose details of the theft, including the date of the initial breach, the IP addresses and host names involved, and the stolen documents themselves. The operators behind Maze Ransomware have even set up a website listing the names, web addresses and part of the stolen data of 8 companies which refused to pay.
In the past, ransomware gangs only threatened to publish victims' data online. Now the threat has turned into a real crisis: these victims may also face fines for failing to protect their customer data.
Data Breach Incidents under the Cybersecurity Law
In response to the increasing threats, regulations around the world have been developed to ensure data security. Since China's Cybersecurity Law came into force in June 2017, several data breach cases have been penalized. The People's Bank of China imposed administrative penalties totalling 7.16 million yuan on several organizations, including banks, insurance companies, asset management companies and other financial institutions. Some of these organizations were accused not only of leaking data, but also of querying personal credit information without authorization, or even selling personal data illegally.
Apart from financial institutions, data breach incidents have also been found in biotech and medical institutions. The Ministry of Science and Technology of the People's Republic of China has fined 6 companies for sampling, collecting, trading or exporting human genetic resources, or taking such resources out of China.
Data leakage can happen in any organization, so substantive action to protect corporate interests and safeguard customer data effectively is unavoidable.
Global Actions on Data Protection
The European Union's General Data Protection Regulation (GDPR) came into effect in May 2018, strengthening organizations' responsibilities for data protection, requiring data to be collected and processed in a lawful, fair and transparent manner, and specifying how the data is collected. It also stipulates that companies are obliged to take all reasonable measures to delete or correct erroneous personal data, or face fines of up to 20 million Euros. If a data breach is found, the organization is responsible for reporting it to the regulatory agency within 72 hours.
With different regulations in place and business becoming global, every organization should treat data security and legal compliance as a top priority. We believe that a trusted information security partner who is familiar with local regulations can mitigate cyber threats. Striving for service excellence, CITIC Telecom CPC's security professionals are 100% certified under international security programs and, together with our world-class Security Operations Centers (SOCs), address cyber security demands effectively. Contact our security consultants now for a free consultation.