Jersey: JOIC publishes blog post addressing the importance of data security

The Jersey Office of the Information Commissioner ('JOIC') published, on 7 February 2022, a blog post from Nick Topman, member of the JOIC, on the importance of adopting safe and proportionate data security measures, illustrating how seemingly minor data breaches may have more serious consequences than initially envisaged. In particular, Topman highlighted that one bit of personal information, such as a name, while not being unique, may still begin a trail of breadcrumbs allowing threat actors to add pieces of information together to create a larger profile, and consequently tailor scam content to try to appeal to a demographic to increase the chance of success.

In addition, Topman outlined the dangers of using the same username and password across different services. Specifically, Topman explained that, in such instances, if one account or service is breached, those login credentials could also unlock others, providing threat actors with a larger attack surface. Notably, Topman pointed out that attacks that exploit the reuse of credentials, such as credential stuffing attacks, can be difficult for organisations to prevent.

Furthermore, Topman highlighted that no piece of personal information should be considered insignificant, as it can be exploited in multiple ways, such as for improper authentication. Specifically, Topman stated that improper authentication may lead to some data, which is deemed harmless, facilitating access to accounts by getting around the intended authentication process.

Finally, Topman provided some recommendations to mitigate security risks, including the use of multifactor authentication.

You can read the blog post here.