Attackers have 16-digit card numbers, expiry dates, but not names. Should org get £500k fine?

Summary

A UK appeals judge has sided with the ICO in its legal battle against a retail group that suffered a major data breach in 2017. The breach exposed 16-digit card numbers and expiry dates, but not cardholder names, potentially leading to a £500k fine.

IFF Assessment

FOE

A data breach occurred, potentially leading to a significant fine, which is bad news for organizations.

Defender Context

This case highlights the potential financial penalties associated with data breaches under GDPR and similar regulations. Defenders should prioritize data protection measures, including encryption and access controls, to prevent data exfiltration. Organizations need robust incident response plans to mitigate the impact of breaches and minimize potential fines.
