UAE had two major industry data breaches in first half of 2018

Dubai: Two data breaches were recorded in the UAE in the first-half this year with more than 14 million records comprised, an industry source said.

Sebastien Pavie, regional director for Enterprise and Cybersecurity at Gemalto, said that of the two breaches, one was at the Dubai-based ride-hailing platform Careem and the other occurred in an airline.

Cyber criminals stole data from 14 million Careem customers, including names, email addresses, phone numbers and trip details in the Middle East, North Africa and South Asia, on January 14. But Pavie did not name the airline that was hit, but said the breach was “very small” compared to Careem.

In addition, he said the Telecommunications Regulations Authority (TRA) in the UAE reported a total of 274 cyber attacks targeted at government, semi-government and private sector entities in the first seven months of 2018. “Despite an overall decline in the number of data breaches, Gemalto’s Breach Level Index data suggests security incidents are getting faster and larger in scope,” he said.

The global trend highlights social media as the top source for data breaches, accounting for over 56 per cent of records breached. But in the UAE, it is more through app-based platform attacks.

“A total of six social media breaches, including the Cambridge Analytica-Facebook incident, accounted for over 56 per cent of total global records compromised,” said Pavie. Globally, the 945 data breaches led to 4.5 billion data records being compromised, a staggering 133 per cent increase compared to the first-half of 2017.

Of these breaches, 189 (20 per cent of all breaches) had an unknown or unaccounted number of compromised data records. Although the total number of breaches slightly decreased over the same period, Pavie said there has been an increase in the severity of each incident.

Breach levels

According to the Breach Level Index, almost 15 billion data records have been exposed since 2013, when the index began benchmarking publicly disclosed data breaches. During the first six months of 2018, more than 25 million records were compromised every day, or 291 records a second, including medical, credit card and/or financial data or personally identifiable information.

“With the introduction of the Information Assurance Standards in the UAE as well as European regulations such as GDPR, 2018 has been a landmark year for data protection regulations and will most likely increase the number of publicly disclosed breaches,” Pavie said.

The renewed focus on data compliance is challenging for organisations, making it even more crucial to build a strong foundation to combat cyber attacks.

By implementing a proactive data security approach into IT infrastructure, companies can effectively prepare for a breach and avoid falling victim to one, Pavie said.

According to the Breach Level Index, malicious outsiders caused the largest percentage of data breaches (56 per cent), a decline of nearly 7 per cent over the second-half of 2017 and accounted for over 80 per cent of all data stolen, compromised or lost.

“Accidental loss accounted for over 879 million (9 per cent) of records lost this half, the second most popular cause of data breaches and representing over one-third of incidents. The number of records and incidents involved in malicious insider attacks fell by 50 per cent this half, compared to the same time period in 2017.”