No sooner had the European Commission announced that it will be taking steps to toughen already-stringent data privacy laws, then a UK operator fell victim to a major cyber-security breach.
The company was subject to a distributed denial of service attack that could potentially put all of its four million customers’ personal and bank data at risk. At the time of going to press, TalkTalk was unable to confirm the scale of the attack nor who had instigated it.
As well as having to fend-off hackers, however, TalkTalk will now also have to battle the potentially damaging consequences the attack will have on its reputation and bottom line. It is the latest in a long line of high-profile companies to have fallen victim to hacking, which is eroding consumer confidence in the telecoms sector as a whole.
One shoulder TalkTalk won’t be turning to cry on is the European Union. Under new laws likely to be adopted in 2016, the European parliament is aiming to set heavy penalties for privacy breaches. The mooted figures are eye-watering. There are talks of fines reaching up to €100 million or 5% of a company’s global turnover.
This would create an extremely unforgiving world for service providers in Europe. On the one hand they face increasingly sophisticated forms of cyber-attacks, which require advanced security strategies that look at a combination of encryption and authentication to protect sensitive data.
On the other, they face significant fines if they fail to keep up speed with complex data privacy laws, and must at all times be aware of where they are lawfully allowed to transfer personal data.
The risk of error has now enhanced significantly on both fronts. It is at a telecoms operator’s peril if they fail to react accordingly.
