Research by security software company Ground Labs has revealed that thousands of UK companies hold stores of information about their customers, which may include details such as dates of birth, National Insurance numbers and credit card details.
According to the firm, businesses in the country have “more actionable information about us than our siblings,” including information that would allow convincing identity theft.
However, much of this data is being held unwittingly and illegally on company servers, and Ground Labs says that this poses a “major hacking threat” that could put sensitive information in the hands of hackers.
The firm’s analysis of hundreds of UK organisations such as high street retailers and national charities found that the majority of these were storing some form of personal data without consent from their customers.
“For some time, banks have been high-profile targets for serious data hackers. As a result of this, many have tightened security measures and are especially vigilant to attacks of this kind,” said Mohamed Zouine, the company’s European director.
“The issue is that other sectors, from hospitals to commercial businesses, are leaving themselves vulnerable. Without realising, they often hold huge quantities of information and are negating the effects of increased security elsewhere,” he claimed.
However, ignorance is not an excuse and holding personal data in this way is a breach of international compliance obligations whether the offender is aware of their crime or not.
“Thousands of UK organisations are sitting on a data breach time bomb and the effect of a serious attack will cripple reputations and customer confidence,” said Zouine.
“The best solution is to restrict the damage of even the most determined hacker. If sweeping for rogue data is treated like routine virus scanning, the threat to consumers and the opportunity for fraudsters becomes far less significant,” he added.