Monster hack attack makes for timely Data Protection Day

Did you know that today, Wednesday 28th January, is the EU’s Data Protection Day? Probably not – it was one piece of information the government has failed to leak.

And as if to mark the occasion, this week has seen more than its fair share of data protection scandals.

It was revealed yesterday that jobs website Monster.com had suffered the largest recorded hacking attack in the UK, with hackers getting away with passwords, usernames and email addresses of all of its 4.5 million users.

They might not be as valuable as credit card numbers, but these bits of information are the keys to our online lives. As Guy Bunker from Symantec put it, “to the skilled phisher they are almost all they need to cast their net.”

According to Gartner, the incident has ramifications for the software-as-a-service industry. “You should never assume that a SaaS offering is ‘safe’, be it a fun social networking site or a serious business site,” said the analyst company’s research vice president Jay Heiser.

“If what you need to do involves information that you can’t afford to lose, or you don’t want stolen, then you need to be given evidence by the service provider that they are taking security into account,” he added.

So it was the private sector’s turn to look like the biggest threat to privacy this week. But the British Council’s loss of the personal details of 2,000 employees, revealed over the weekend, kept the public sector in the game.

And if we are looking for data protection headaches, it is not just hackers we have to worry about. Just as the Data Protection Act is being celebrated with its very own day, MPs are preparing to introduce a potentially significant amendment.

Clause 152 of the proposed Coroners and Justice Bill will, if ratified, allow government authorities to impose Information Sharing Orders on other divisions, thereby enhancing their ability to use citizen data in ways for which it was not originally intended.

Under the proposed amendment, there are plenty of conditions that will need to be satisfied before an Information Sharing Order is approved. Sharing the data must be “necessary to secure a relevant policy objective”, and must “strike a fair balance between the public interest and the interests of any person affected by it”. Also, the Information Commissioner will have a three-week window in which to block the order.

Perhaps not the 'worst-ever threat to UK privacy', as it was described this week, but it takes a highly selective memory to doubt that these policies will probably lead to more data protection scandals in the future.

So Data Protection Day seems well timed. Why, then, was its website taken down some time between January 21st and today?

Pete Swabey

Pete was Editor of Information Age and head of technology research for Vitesse Media (now Bonhill Group plc) from 2005 to 2013, before moving on to be Senior Editor and then Editorial Director at The...