Case Studies Data Breach Notification
Website phishing
A private sector (educational) data controller reported an incident of phishing, where a staff member had clicked on a suspicious website link and entered their credentials resulting in their email account becoming compromised.
The data controller had not enabled multi-factor authen- tication on its email accounts . Had this technical measure and appropriate cyber security training been in place from the outset this data breach may have been preventable .