GDPR Breach: What you can learn from 20GB Intel data theft
A few days ago, Intel confirmed they suffered a security and GDPR breach. Approximately 20GB of data was uploaded to torrents and the file-sharing site MEGA.
Below is an unverified screenshot available on many tech sites talking about the software. It appears that the majority of the information is internal documentation and research – but as employee names are included in the documentation, this still qualifies as a GDPR breach.
The files contained technical specs, product guides, and manuals for CPUs dating back to 2016.
Controlling the Narrative around a GDPR Breach
“Getting there first” is critical to controlling the narrative surrounding a data breach. Honesty and openness are key: by being honest and open after a GDPR breach (or any security breach), you won’t find yourself in a situation where third-party bloggers come up first when people look for information.
“We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data.”
The above quote is Intel’s response to the breach, supplied to a large number of major tech sites and tech bloggers. However, due to Intel’s slow response, when you search for the quote, their site doesn’t even come up.
It’s a textbook example of how NOT to do things. Sure, if you’re a small business in the Midlands in the UK, you’re not going to face thousands of major international tech sites covering your breach. But local news will cover it, and you need your response to come up first.
How did this Happen?
Intel are declining to confirm or deny the details about the breach, but Till Kottmann, the Swiss software engineer who broke the story, released the following correspondence with the anonymous source.
It appears that the source of the hack was terrible internal security procedures – a directory open to the internet and default passwords that were easy to guess. A multibillion-pound company defeated, it would seem, by laziness.
Have you Suffered a Breach?
Whether you’ve suffered a breach, or are concerned you might have security issues, contact us about our GDPR consultant services.
We offer a confidential service, tailored to your business, and can undertake a comprehensive security review of your internal processes, file storage and website.