Data breach in Germany: Who will pay the GDPR fine this time?
Germany seems to be in the news for wrong reasons. The country paid its first GDPR fine recently. Now a major data breach in the country’s political circle…
Back in the headlines
Well, Germany is in the news again – and not for the right reasons. The global press recently published news about a major data breach in Germany. This time targeting the political elite, including the Chancellor, Ms. Angela Merkel, President Frank-Walter Steinmeier and hundreds of German politicians across political hues from the lower house of parliament to the European parliament and local assemblies. According to government sources, their data have been released online. This includes a wide range of information from home addresses and mobile phone numbers to official letters, identity papers, and financial documents – all published through Twitter last December.
Hackers or Internal Threat?
It is still anybody’s guess as to whether this data breach debacle is the handy work of foreign powers, private hackers in collusion with foreign powers or internal threat – workers in the Bundestag’s departments.
Interestingly, in one of his popular blog posts titled ‘Perceptions of a Serial Entrepreneur (Part 7): The Age of Electronic Intelligence’ (published in LinkedIn), Chairman of SECUDE, Dr. Heiner Kromer states, “All governments are in this game of electronic cat and mouse. Interestingly, so are many IT companies.” It is well known that certain pernicious governments are in cahoots with terrorists and other anti-social elements in working their way into the political system of popular democratic societies. The data breach in Germany could be the outcome of one such attack.
What should data security practitioners consider?
Among the other questions that bring to one’s mind is: Could theft of such information be avoided? The answer to this rests in three key concepts.
- Monitor all data flow and user-based or protocol-based machine-to-machine communication based on classification and rights with the ability to notify authorities in real time.
- Block data that must not leave the environment.
- Protect data that must be shared with stakeholders outside the system such that it is accessible only to those for whom it is meant.
Point to ponder
It is seriously time that politicians, the public and all classes in between take a serious look at data security – especially those who are prone to lose brand equity and political prowess. Data protection is unquestionably the need of the hour.
If your organization’s data resides in SAP, you need to think beyond data security solutions that come as part of the ‘package’. It’s time you give thought a dedicated data protection solution for SAP. For more information, click here.