Skip to main content

2.3bn files have been exposed online since GDPR

(Image credit: Image source: Shutterstock/Carlos Amarillo)

You would think that after GDPR businesses would be more careful with how they handle user data, but according to new figures, it seems that quite the opposite is true.

Digital risk protection firm Digital Shadows says roughly 2.3 billion data files – containing business IT system access credentials, customer passport data, bank records and medical information, have been leaked online in the last 12 months.

That means the number of exposed files rose more 50 per cent year-on-year, from 750 million files same time last year.

Here's the breakdown: 98 million records were exposed from companies in the UK, 121 million from Germany, and 326 million from the States. Half of these were exposed via the server message block (SMB) protocol, it was said.

Harrison Van Riper, a Photon Research analyst, says businesses are too focused on making data available on remote servers, disregarding security in the process.

“The focus is on the business need, with many thinking they will attend to the security aspects later, rather than baking it in from the very start,” he told Computer Weekly (opens in new tab). “But hopefully this will change in future due to the growing influence of the GDPR and other data protection legislation,” he added.

GDPR, or General Data Protection Regulation, is an EU-wide legislation that regulates how businesses handle EU citizen data. Fines can go up to €20 million, or four per cent yearly turnover, for mishandling personal information.

Image source: Shutterstock/Carlos Amarillo

Sead Fadilpašić
Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.