Device hacks and data breaches are becoming the rule and not the exception

There’s no way to end these device hacks and data breaches—technology companies that are responsible for the hacks are the best placed to end them. Ireland and Europe can be at the forefront of ensuring they do so. <br><br>Last week, we learned of a massive data leak affecting millions of Irish people. The data of 1.4 million people was stolen from the Irish Blood Transfusion Service board and of 1.9 million from the nine maternity hospitals in the state. <br><br>The story was covered in the national media for a couple of hours. <br><br>It was also reported that data belonging to up to 3.2 million people who donated blood in Ireland between 2004 and September 2021 was accessed by hackers. The stolen data included names, addresses, dates of birth, phone numbers, email addresses, medical details, PPSN and blood type. The HSE did not consider the data to have a "high level of sensitivity" and therefore there was no need to contact donors individually. <br><br>A week before this data breach, news broke of the largest data breach in the history of the British government. The hackers downloaded the personal details of thousands of British politicians, civil servants, judges and soldiers. <br><br>Identity theft was at the top of fraud reports in Ireland in 2022, where 2,257 incidents were recorded, representing 15pc of the overall fraud reports. <br><br>The witness of the impact of breaches of personal data is everywhere. Identity theft was at the top of fraud reports in Ireland in 2022, where 2,257 incidents were recorded, representing 15pc of the overall fraud reports. <br><br>The cost of these breaches is also going up and up. The average cost of a data breach in Ireland jumped to €4.8 million in 2023, a surge of 46pc compared to 2022. <br><br>The cost of these breaches is also going up and up. The average cost of a data breach in Ireland jumped to €4.8 million in 2023, a surge of 46pc compared to 2022. <br><br>Recents hacks have also hit young children and vulnerable victims. <br><br>Last year, hundreds of sensitive images of children were stolen in a data breach of a child abuse charity. <br><br>The data breach at St. Patrick’s Mental Health Services, included inappropriate sexualised messages to children and their families and intimate medical details. <br><br>It is clear that the hack was the result of the negligence of the state. The state was warned repeatedly before the hack that it had not completed the mandatory NIS2 requirements to protect its systems. <br><br>It is clear that the hack was the result of the negligence of the state. The state was warned repeatedly before the hack that it had not completed the mandatory NIS2 requirements to protect its systems. <br><br>The scale of the hacking is massive and is getting bigger and bigger. <br><br>The Irish Examiner reported in 2022 that the State’s Computer Emergency Response Team had confirmed that 102 ransomware attacks in Ireland in 2021. <br><br>The Examiner reported in March this year that there were 43 ransomware attacks in Ireland in the first three months of 2023. <br><br>Should tech companies be responsible for their devices? <br><br>Of course tech companies should be responsible for the security of the devices they sell to us. <br><br>But in Ireland, tech companies face zero penalties for selling us insecure IoT devices. <br><br>European countries like Germany and Austria have already introduced new laws to tackle the selling of dangerous devices and equipment. <br><br>The EU has also agreed new rules in January to introduce legal requirements for cybersecurity, including fines of up to 13 million euro for breaches. <br><br>Ireland needs to pass legislation to prevent tech companies from selling us insecure interconnected devices, which are putting our privacy and safety at risk. <br><br>The government should also order a retrospective security review of all devices sold in Ireland over the past 5 years to check whether they meet current cyber security standards. <br><br>We also need stronger data protection law to ensure that companies that lose our data are held to account. <br><br>The data protection law in Ireland has proven to be powerless to stop the data breaches and the resulting massive hacks. <br><br>All we hear from the DPC is that the breaches are being investigated. <br><br>But the DPC must also ensure that the rights of the millions of people whose data being breached are protected. <br><br>The DPC has a duty to put the needs and rights of the citizen at the very centre of its work. <br><br>Right now, it is failing miserably. <br><br>- Digital Rights Ireland <br><br>&#x200B;