2.3bn files have been exposed online since GDPR

(Image credit: Shutterstock/Carlos Amarillo)

You would think that after GDPR businesses would be more careful with how they handle user data, but according to new figures, it seems that quite the opposite is true.

Digital risk protection firm Digital Shadows says roughly 2.3 billion data files, containing business IT system access credentials, customer passport data, bank records and medical information, have been leaked online in the last 12 months.

That means the number of exposed files rose more than 50 per cent year-on-year, from 750 million files at the same time last year.

Here's the breakdown: 98 million records were exposed from companies in the UK, 121 million from Germany, and 326 million from the States. Half of these were exposed via the server message block (SMB) protocol, it was said.

Harrison Van Riper, a Photon Research analyst, says businesses are too focused on making data available on remote servers, disregarding security in the process.

“The focus is on the business need, with many thinking they will attend to the security aspects later, rather than baking it in from the very start,” he told Computer Weekly. “But hopefully this will change in future due to the growing influence of the GDPR and other data protection legislation,” he added.

GDPR, or General Data Protection Regulation, is EU-wide legislation that regulates how businesses handle EU citizen data. Fines can go up to €20 million, or four per cent of yearly turnover, for mishandling personal information.