Data leaks and security breaches can happen to anyone, at any time. You never know when some jabroni is hiding under the wrestling ring with a steel chair, ready to attack and steal your data! The most recent example is the July 6 story from Forbes.com citing the massive WWE data leak, exposing 3 million global wrestling fans’ personal information, including home addresses, educational background, earnings and ethnicity. Talk about a Stone Cold Stunner!
According to the Forbes article, a security firm identified a huge, unprotected WWE database containing the 3 million fans’ personal info. The data was sitting on an Amazon Web Services S3 server without username or password protection, and anyone who knew the web address could search it.
As of the time I’m writing this blog on July 7, it’s not clear what exactly caused the leak. But I can only assume that, instead of hyping SummerSlam 2017 and teasing who John Cena will face in the squared circle, the WWE is now facing a PR royal rumble while working with a cybersecurity firm to determine the cause of the data leak.
The obvious lesson to be learned here is that when it comes to your company’s data, all it takes is one mistake for a massive data breach to occur. And it usually happens quickly and/or unexpectedly, like Jake “The Snake” Roberts’ finishing move, “The DDT”.
But what also caught my eye was that it wasn’t just the U.S.-based WWE fans’ data leaked. There was another WWE database left unprotected that contained addresses, telephone numbers and names of European fans.
The fact that European fans’ data was at risk is an example of a breach that the GDPR will aim to protect against starting May 25, 2018. Once it goes into effect less than one year from today, the General Data Protection Regulation (GDPR) will require organizations, both the “data controllers” and the “data processors”, to strengthen data protection and security measures to protect the personally identifiable information (PII) of EU citizens, and to demonstrate compliance at any time.
And if you lose the people’s data, you get the People’s Elbow – in the form of severe fines of up to four percent of global revenue or €20 million (whichever is higher).
Do you smell what Quest is cooking for GDPR compliance?
Quest solutions focus on helping IT professionals and consultants responsible for Microsoft technologies ensure that their Microsoft environment adheres to GDPR compliance regulations. With Quest solutions, you’ll be able to continually assess, monitor and control your environment so you can stay more productive, secure and compliant with GDPR. In more detail, Quest can help you:
So if you find yourself in a compliance Figure Four leg lock, Quest can help!